Upload semgrep report to GitHub code scanning

alcaeus · alcaeus · commit e4a7b129af42 · 2024-05-22T09:58:24.000+02:00
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -12,6 +12,8 @@ on:
       - "v*.*"
       - "master"
       - "feature/*"
+    tags:
+      - "*"
 
 jobs:
   semgrep:
@@ -27,4 +29,9 @@ jobs:
           submodules: true
 
       - name: "Scan"
-        run: semgrep scan --error
+        run: semgrep scan --sarif-output=semgrep.sarif
+
+      - name: "Upload SARIF report"
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: semgrep.sarif
