sourcegraph / openctx

See contextual info about code from your dev tools, in your editor, code review, and anywhere else you read code.
https://openctx.org
Apache License 2.0

Adding Semgrep SAST Github Action #176

Closed mohammadualam closed 3 months ago

mohammadualam commented 3 months ago

Similar to the sourcegraph/sourcegraph and sourcegraph/cody repos, we would like to enable Semgrep SAST for this repo. This check is a non-blocking, optional check for now, so you can still merge without any issues.

This GitHub Action should execute in less than a minute (~30 sec to 1 minute at max). Semgrep helps to detect security vulnerabilities in code and bad patterns by scanning through the code changes.

Why does it matter?

CI 🟢