veza/docs/archive/workflows/semgrep.yml.disabled

name: Semgrep SAST

on:
    pull_request:
        branches: [main]
    schedule:
        - cron: "0 3 * * 1" # Weekly on Monday at 3am UTC
    workflow_dispatch:

env:
    GIT_SSL_NO_VERIFY: "true"
    NODE_TLS_REJECT_UNAUTHORIZED: "0"

jobs:
    semgrep:
        runs-on: ubuntu-latest
        timeout-minutes: 15

        container:
            image: returntocorp/semgrep

        steps:
            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

            - name: Run Semgrep
              run: >
                  semgrep scan
                  --config p/auto
                  --config p/owasp-top-ten
                  --config p/r2c-security-audit
                  --error
                  --json
                  --output semgrep-results.json
                  .
              continue-on-error: true

            - name: Upload Semgrep results
              if: always()
              uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
              with:
                  name: semgrep-results
                  path: semgrep-results.json
                  retention-days: 30
ci: fix duplicate env block in staging-validation workflow Merge SSL env vars into existing env block instead of creating a duplicate (YAML doesn't allow duplicate top-level keys). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 12:51:10 +00:00			`name: Semgrep SAST`

			`on:`
			`pull_request:`
			`branches: [main]`
			`schedule:`
			`- cron: "0 3 * * 1" # Weekly on Monday at 3am UTC`
			`workflow_dispatch:`

			`env:`
			`GIT_SSL_NO_VERIFY: "true"`
			`NODE_TLS_REJECT_UNAUTHORIZED: "0"`

			`jobs:`
			`semgrep:`
			`runs-on: ubuntu-latest`
			`timeout-minutes: 15`

			`container:`
			`image: returntocorp/semgrep`

			`steps:`
			`- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`

			`- name: Run Semgrep`
			`run: >`
			`semgrep scan`
			`--config p/auto`
			`--config p/owasp-top-ten`
			`--config p/r2c-security-audit`
			`--error`
			`--json`
			`--output semgrep-results.json`
			`.`
			`continue-on-error: true`

			`- name: Upload Semgrep results`
			`if: always()`
			`uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0`
			`with:`
			`name: semgrep-results`
			`path: semgrep-results.json`
			`retention-days: 30`