From 44772985a04bf6a3d4026436ff96dd57212b76cb Mon Sep 17 00:00:00 2001
From: elb-notion <148162172+elb-notion@users.noreply.github.com>
Date: Thu, 11 Jan 2024 17:14:19 -0800
Subject: [PATCH] Add Semgrep security code scanning (#482)

* Add a semgrep workflow

* fix formatting per prettier
---
 .github/workflows/semgrep.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000..de01e1f4
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,22 @@
+name: Security - Semgrep
+
+on:
+  pull_request: {}
+  workflow_dispatch: {}
+  push:
+    branches-ignore: ["main"]
+  schedule:
+    - cron: "20 17 * * *"
+
+jobs:
+  semgrep:
+    name: semgrep/ci
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    timeout-minutes: 480
+    steps:
+      - uses: actions/checkout@v3
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP }}