Enable Semgrep SAST

ausmaster · Sep 24, 2024 · 8d263d0 · 8d263d0
1 parent 41079e8
commit 8d263d0
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
+semgrep:
+  image: semgrep/semgrep
+  script: semgrep ci
+  rules:
+  - if: $CI_PIPELINE_SOURCE == "web"  # allow triggering a scan manually from the gitlab UI
+  - if: $CI_MERGE_REQUEST_IID  # scan on merge request events
+  - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH  # scan on push events to default branch
+  variables:
+
+    SEMGREP_APP_TOKEN: $SEMGREP_APP_TOKEN