From 37f5282c3acda79a64562c792a4faa378142879f Mon Sep 17 00:00:00 2001
From: Ilya Kheifets <138466237+ikheifets-splunk@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:27:41 +0200
Subject: [PATCH] chore: upgrade deprecated semgrep (#1106)

Signed-off-by: Ilya Kheifets <ikheifets@splunk.com>
---
 .github/workflows/ci-main.yaml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-main.yaml b/.github/workflows/ci-main.yaml
index 3314046c0..54f3ffaf7 100644
--- a/.github/workflows/ci-main.yaml
+++ b/.github/workflows/ci-main.yaml
@@ -59,13 +59,11 @@ jobs:
           FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
   semgrep-scan:
     name: semgrep
-    runs-on: ubuntu-latest
     if: (github.actor != 'dependabot[bot]')
-    steps:
-      - uses: actions/checkout@v4
-      - uses: semgrep/semgrep-action@v1
-        with:
-          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+    uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
+    secrets: inherit
+    with:
+      block_mode: "on"
   pre-commit:
     runs-on: ubuntu-latest
     steps: