rootstock/semgrep-rules-rust

Example of a GitHub Actions workflow for these Semgrep rules:

```yaml
name: "Semgrep Security Scan"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    # Weekly scheduled scan: Thursdays at 09:18 UTC
    - cron: '18 9 * * 4'

jobs:
  semgrep:
    name: Semgrep Scan
    runs-on: 'ubuntu-latest'
    permissions:
      # Needed by upload-sarif to publish results to code scanning
      security-events: write
      packages: read
      actions: read
      contents: read

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Fetch these rules into ./semgrep-rules inside the workspace
    - name: Checkout rules repository
      uses: actions/checkout@v4
      with:
        repository: rootstock/semgrep-rules-rust
        path: ./semgrep-rules

    - name: Setup Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.x'

    - name: Install Semgrep
      run: |
        python -m pip install --upgrade pip
        pip install semgrep

    # p/rust is the Semgrep Registry ruleset; ./semgrep-rules/security/ comes from the checkout above
    - name: Run Semgrep
      run: |
        semgrep \
          --config=p/rust \
          --config=./semgrep-rules/security/ \
          --sarif \
          --output=semgrep.sarif \
          --verbose \
          .
      # A failing scan step does not fail the job, so the upload below still runs
      continue-on-error: true

    - name: Upload SARIF file to GitHub
      uses: github/codeql-action/upload-sarif@v3
      if: always()
      with:
        sarif_file: semgrep.sarif
        category: semgrep
```
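
Because the scan step runs with `continue-on-error: true`, the job result does not reflect findings; they surface only through the uploaded SARIF. The following is an added example, not part of this repository, of a script that reads `semgrep.sarif` and returns a non-zero exit code when error-level results are present. The script name `sarif_gate.py`, the sample rule ids and the fail-on-error policy are assumptions.

```python
import json
import sys
from collections import Counter

# Constructed SARIF 2.1.0 sample; rule ids are made up for illustration.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Semgrep", "rules": [
            {"id": "example.rust.rule-a", "defaultConfiguration": {"level": "error"}},
            {"id": "example.rust.rule-b", "defaultConfiguration": {"level": "note"}},
            {"id": "example.rust.rule-c"},
        ]}},
        "results": [
            {"ruleId": "example.rust.rule-a"},                      # level from rule: error
            {"ruleId": "example.rust.rule-b", "level": "warning"},  # explicit level wins
            {"ruleId": "example.rust.rule-c"},                      # no level anywhere: warning
            {"ruleId": "example.rust.rule-b"},                      # level from rule: note
        ],
    }],
}

def count_levels(sarif):
    """Count results per effective level across all runs.

    Simplified SARIF resolution: the result's own level, else the rule's
    defaultConfiguration.level, else "warning".
    """
    counts = Counter()
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in rules if "id" in r}
        for result in run.get("results") or []:  # "results" may be null
            level = result.get("level") or defaults.get(result.get("ruleId")) or "warning"
            counts[level] += 1
    return counts

def gate(sarif, fail_on=("error",)):
    """Return the exit code: 1 if any result has a level listed in fail_on."""
    counts = count_levels(sarif)
    return 1 if any(counts[level] for level in fail_on) else 0

if __name__ == "__main__":
    # CI usage (assumed file name): python sarif_gate.py semgrep.sarif
    # A missing or unparsable file raises, which also exits non-zero.
    doc = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_SARIF
    print(dict(count_levels(doc)))
    sys.exit(gate(doc))
```

Run as a step after the SARIF upload, this makes the job fail on error-level findings while the results are still published.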
