Merge pull request #706 from kristof-mattei/renovate/actions-setup-no… #1989

	name: Semgrep

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: "41 3 * * 6"

	permissions:
	security-events: write
	actions: read
	contents: read

	jobs:
	semgrep:
	name: Scan
	runs-on: ubuntu-latest

	container:
	image: returntocorp/semgrep:1.45.0@sha256:148ad517aea0afe96620a2d55f65eeedde6266aab7f3eb4e5ebae55d7eb53b62

	steps:
	- name: Check out repo
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	show-progress: false

	- name: Run semgrep
	shell: bash
	env:
	SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
	run: \|
	semgrep ci --sarif --output=semgrep.sarif

	- name: Upload SARIF file for GitHub Advanced Security Dashboard
	if: always()
	uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
	with:
	sarif_file: semgrep.sarif

Provide feedback