From bc2f8f8ced93feb2aea86a6753d09ca4dd5d4aa2 Mon Sep 17 00:00:00 2001
From: Alvin Shih <20891793+alvin-c-shih@users.noreply.github.com>
Date: Fri, 2 Sep 2022 17:13:04 -0400
Subject: [PATCH] Enable semgrep static code analysis.

See https://github.com/maoo/security-scanning .
---
 .github/workflows/semgrep.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..c374a93
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,15 @@
+name: Static code analysis
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  semgrep:
+    name: run-semgrep
+    runs-on: ubuntu-20.04
+    container:
+      image: returntocorp/semgrep
+    steps:
+    - uses: actions/checkout@v3
+    - run: semgrep scan --error --config auto
+      env:
+        SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}