From fe0930fa3f50c0d50516fce03030aacece80276f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20B=C4=9Bh=C3=A1vka?= Date: Mon, 6 Jul 2026 11:20:37 +0200 Subject: [PATCH] Update dependencies and fix releaser --- .github/workflows/semgrep.yaml | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml index d7c49dc..43f9f72 100644 --- a/.github/workflows/semgrep.yaml +++ b/.github/workflows/semgrep.yaml @@ -10,26 +10,27 @@ jobs: runs-on: ubuntu-latest # Skip any PR created by dependabot to avoid permission issues if: (github.actor != 'dependabot[bot]') + container: + image: semgrep/semgrep:1.168.0@sha256:59fbed6127ea7c5dde3ba6a85142733bb20ea9aaa36120c953904f1539aaf66e steps: # Fetch project source - uses: actions/checkout@v7 - - uses: returntocorp/semgrep-action@v1 - with: - config: >- # more at semgrep.dev/explore - p/security-audit - p/secrets - p/ci - p/r2c - p/r2c-ci - p/docker - p/dockerfile - p/command-injection - generateSarif: "1" + - name: Run Semgrep + run: | + semgrep scan \ + --sarif \ + --output=semgrep.sarif \ + --config="p/security-audit" \ + --config="p/secrets" \ + --config="p/ci" \ + --config="p/default" \ + --config="p/docker" \ + --config="p/dockerfile" \ + --config="p/command-injection" # Upload findings to GitHub Advanced Security Dashboard [step 2/2] - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: - sarif_file: semgrep.sarif - if: always() + sarif_file: semgrep.sarif \ No newline at end of file