From c615ee03e0471e7da9295c2db5c46e73ff8ff71b Mon Sep 17 00:00:00 2001
From: olegchorny
Date: Fri, 22 Dec 2023 15:55:08 +0200
Subject: [PATCH] Semgrep with Gitlab rules
---
 .github/workflows/semgrep.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 3ade1add..a20eabc5 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -3,7 +3,7 @@ name: Semgrep
 
 on:
 schedule:
- - cron: "30 13 * * *" # Sets Semgrep to scan every day at 12:30 UTC.
+ - cron: "00 14 * * *" # Sets Semgrep to scan every day at 12:30 UTC.
 # It is recommended to change the schedule to a random time.
 
 jobs:
@@ -25,10 +25,14 @@ jobs:
 with:
 repository: semgrep/semgrep-rules
 path: "./semgrep-rules"
+ # clone gitlab repo to fetch gitlab rules
+ - name: Clone private repo
+ run: git clone https://gitlab.com/gitlab-org/security-products/sast-rules.git
 # Run the "semgrep ci --sarif" command on the command line of the docker image.
 - run: semgrep ci --sarif > semgrep.sarif
 env:
- SEMGREP_RULES: "./semgrep-rules/elixir/lang"
+ #SEMGREP_RULES: "./semgrep-rules/elixir/lang"
+ SEMGREP_RULES: "./sast-rules/javascript"
 # Upload SARIF file generated in previous step
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v2
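Review bot: The trailing comment on the new cron line still says the scan runs at 12:30 UTC while the schedule is now `"00 14 * * *"`, so the comment is wrong on the new side (it already disagreed with the old `30 13` value). Update it together with the expression, e.g. `- cron: "00 14 * * *" # Sets Semgrep to scan every day at 14:00 UTC.`, so the next person adjusting the schedule is not misled. The `on:`/`schedule:` block is fully inside the hunk, so nothing else needs to move.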
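Review bot: The new `Clone private repo` step fetches the rule set from the default branch of an external GitLab repository at run time with no tag or commit pinned, so the rules Semgrep executes on every scan can change outside this repository's review, unlike the versioned actions used elsewhere in the workflow. Pinning the clone, e.g. `run: git clone --depth 1 --branch <PINNED_TAG> https://gitlab.com/gitlab-org/security-products/sast-rules.git`, keeps results reproducible and makes rule updates an explicit, reviewable change. The step name says "private", yet no credentials are supplied, so the clone presumably relies on the project being public; either rename it (`Clone GitLab sast-rules`) or document that expectation in the step comment. The commented-out `#SEMGREP_RULES: "./semgrep-rules/elixir/lang"` line is dead configuration and should be removed rather than kept, and the checkout of `semgrep/semgrep-rules` into `./semgrep-rules` just above the hunk appears to be left unused once `SEMGREP_RULES` points only at `./sast-rules/javascript`; that checkout step begins outside the hunk.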