[actions] Support Semgrep by Github Actions #40

maipbui · 2022-09-30T18:47:15Z

Signed-off-by: maipbui maibui@microsoft.com

Why I did it

Semgrep is a static analysis tool to find security vulnerabilities.
When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs.
When merging PR, Semgrep performs a full scan on master branch and report all findings.

Ref: - Supported Language - Semgrep Rules

How I did it

Integrate Semgrep into this repository by committing a job configuration file

How to verify it

PR: maipbui/sonic-buildimage#2
Master branch full scan findings: Master branch findings results
PR maipbui/sonic-buildimage#2 scan findings: Pull request findings results

Signed-off-by: maipbui <maibui@microsoft.com>

[actions] Support Semgrep by Github Actions

1d2388c

Signed-off-by: maipbui <maibui@microsoft.com>

maipbui requested a review from qiluo-msft September 30, 2022 18:47

add release branches

6ef74ff

Signed-off-by: maipbui <maibui@microsoft.com>

qiluo-msft approved these changes Oct 3, 2022

View reviewed changes

maipbui merged commit fb20e16 into sonic-net:master Oct 3, 2022

maipbui added Request for 201911 Branch Request for 202111 branch labels Oct 3, 2022

maipbui deleted the bui/semgrep branch October 3, 2022 18:42

maipbui mentioned this pull request Oct 3, 2022

Fix error in Semgrep action #41

Closed

maipbui removed Request for 201911 Branch Request for 202111 branch labels Oct 3, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[actions] Support Semgrep by Github Actions #40

[actions] Support Semgrep by Github Actions #40

maipbui commented Sep 30, 2022

[actions] Support Semgrep by Github Actions #40

[actions] Support Semgrep by Github Actions #40

Conversation

maipbui commented Sep 30, 2022

Why I did it

How I did it

How to verify it