Run Semgrep OSS Scan for code

alcaeus · alcaeus · commit 2d34dbfaa5ae · 2024-05-22T09:50:28.000+02:00
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,30 @@
+name: "Static Analysis"
+
+on:
+  merge_group:
+  pull_request:
+    branches:
+      - "v*.*"
+      - "master"
+      - "feature/*"
+  push:
+    branches:
+      - "v*.*"
+      - "master"
+      - "feature/*"
+
+jobs:
+  semgrep:
+    name: "Semgrep"
+    runs-on: "ubuntu-latest"
+    container:
+      image: semgrep/semgrep
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+        with:
+          submodules: true
+
+      - name: "Scan"
+        run: semgrep scan --error
diff --git a/.semgrepignore b/.semgrepignore
@@ -0,0 +1,3 @@
+/.evergreen/
+/.github/
+/tests/
