From 4709f0d2c90e7e37572927b4092029a0ffcddc73 Mon Sep 17 00:00:00 2001
From: Harsh Pathak <harsh.pathak@snowflake.com>
Date: Wed, 28 Sep 2022 19:50:25 -0700
Subject: [PATCH 1/2] Delete old semgrep workflow

---
 .github/workflows/semgrep_internal.yml | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 .github/workflows/semgrep_internal.yml

diff --git a/.github/workflows/semgrep_internal.yml b/.github/workflows/semgrep_internal.yml
deleted file mode 100644
index e3f0d88..0000000
--- a/.github/workflows/semgrep_internal.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Semgrep
-
-on:
-  pull_request: {}
-
-jobs:
-  semgrep:
-    name: Scan
-    runs-on: ubuntu-latest
-    if: (github.actor != 'dependabot[bot]')
-    steps:
-      - uses: actions/checkout@v2
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          auditOn: push
-          publishUrl: https://semgrep.snowflake.com
-          publishDeployment: 1
-          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}

From 1bce2f5e5bda8f113226f6a23b0e2eb004af8cc4 Mon Sep 17 00:00:00 2001
From: Harsh Pathak <harsh.pathak@snowflake.com>
Date: Wed, 28 Sep 2022 19:50:26 -0700
Subject: [PATCH 2/2] Add new semgrep workflow file

---
 .github/workflows/semgrep.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..d2a4977
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,16 @@
+---
+name: Run semgrep checks
+
+on:
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  run-semgrep-reusable-workflow:
+    uses: snowflakedb/reusable-workflows/.github/workflows/semgrep-v2.yml@main
+    secrets:
+      token: ${{ secrets.SEMGREP_APP_TOKEN }}
+