Why I did itSemgrep is a static analysis tool to find security vulnerabilities.
When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs.
When merging PR, Semgrep performs a full scan on master branch and report all findings.
Why I did it Semgrep is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings.
Ref: - Supported Language - Semgrep Rules
How I did it Integrate Semgrep into this repository by committing a job configuration file - How to verify it
- Description for the changelog