ericcornelissen / depreman

Manage npm deprecations
https://www.npmjs.com/package/depreman
GNU Affero General Public License v3.0

Set up Semgrep scan #52

Closed ericcornelissen closed 6 days ago

ericcornelissen commented 6 days ago

Relates to #45

Summary

Add a CI job to run a Semgrep scan on this codebase. The job is configured to run only on the main branch because it requires access to the SEMGREP_APP_TOKEN secret, which may not be accessible on PRs from external contributors. The job will upload the report as a SARIF file to GitHub for ingestion without having to rely on the Semgrep web application.
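One way to set up the job the description above outlines, as an added illustration and not the workflow file from this PR: the workflow path, action versions and step layout are assumptions; the main-branch restriction, the SEMGREP_APP_TOKEN secret and the SARIF upload to GitHub code scanning are the points the PR describes.

```yaml
# Assumed path: .github/workflows/semgrep.yml (hypothetical, not the PR's own file)
name: Semgrep

on:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  semgrep:
    name: Semgrep scan
    runs-on: ubuntu-latest
    # Run only on the main branch, so the job never executes without the
    # SEMGREP_APP_TOKEN secret (it is unavailable to PRs from forks).
    if: github.ref == 'refs/heads/main'
    permissions:
      contents: read
      security-events: write   # required to upload SARIF to code scanning
    container:
      image: semgrep/semgrep
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Run Semgrep and write a SARIF report
        run: semgrep ci --sarif --output=semgrep.sarif
        env:
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

      - name: Upload SARIF to GitHub code scanning
        # semgrep ci exits non-zero on blocking findings; still upload the report
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: semgrep.sarif
```

Findings then appear under the repository's code scanning alerts, so reviewing them does not depend on the Semgrep web application.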