From cd3f6a464ea0641ce0c9072cbc2afb89da0d05fd Mon Sep 17 00:00:00 2001 From: Michael Long <31821088+bluesentinelsec@users.noreply.github.com> Date: Thu, 18 Apr 2024 11:37:05 -0400 Subject: [PATCH] Added semgrep code scanning (#33) * add semgrep workflow * test upload/download * testing semgrep with manual installation * revert to working YML * display findings * revert to working config --------- Co-authored-by: Michael Long --- .github/workflows/scan_repo_with_semgrep.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/scan_repo_with_semgrep.yml diff --git a/.github/workflows/scan_repo_with_semgrep.yml b/.github/workflows/scan_repo_with_semgrep.yml new file mode 100644 index 0000000..91dcae6 --- /dev/null +++ b/.github/workflows/scan_repo_with_semgrep.yml @@ -0,0 +1,20 @@ +name: Semgrep Scan + +on: [push] + +jobs: + semgrep: + runs-on: ubuntu-latest + container: + image: semgrep/semgrep + + steps: + - name: Checkout this repository + uses: actions/checkout@v4 + + - name: semgrep scan + run: | + semgrep \ + --sarif --output report.sarif \ + --metrics=off \ + --config="p/default"
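Review bot: the `semgrep scan` step writes `--sarif --output report.sarif` but no later step consumes that file, so the findings are discarded when the container exits and never reach the repository's code-scanning view or even the workflow summary; the commit message's "test upload/download" and "display findings" iterations appear to have been reverted, leaving the final workflow with no output path. Add a follow-up step such as `uses: github/codeql-action/upload-sarif@v3` with `sarif_file: report.sarif` (which also needs `permissions: security-events: write` on the job), or at minimum `actions/upload-artifact@v4` so the report is retrievable. Two smaller points on the same hunk: semgrep exits 0 even when it reports findings unless `--error` is passed, so as written this scan never fails a push and is informational only, which should be stated in a comment or changed if it is meant to gate; and both `uses: actions/checkout@v4` and `image: semgrep/semgrep` are referenced by mutable tags, so pinning the action to a commit SHA and the image to a digest keeps the scanner itself out of the supply-chain attack surface the workflow is meant to reduce.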