From 2ab371b99d478fdd9d1139025fb6df6b07aa9b7f Mon Sep 17 00:00:00 2001
From: crew-security <crew-security@users.noreply.github.com>
Date: Fri, 17 Nov 2023 04:58:24 -0800
Subject: [PATCH] Update semgrep action to newer version (#139)

---
 .github/workflows/semgrep.yml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index b4035d1..39bfd73 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -1,15 +1,20 @@
 name: Semgrep
+
 on:
-  pull_request: {}
+  pull_request_target: {}
   push:
-     branches: ["master"] 
+    branches: ["master", "main"]
+permissions:
+  contents: read
 jobs:
   semgrep:
     name: Scan
     runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
     if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
     steps:
-      - uses: actions/checkout@v2
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
\ No newline at end of file
+      - uses: actions/checkout@v3
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
\ No newline at end of file