From 0adee60b28427597d6a2bcd847000e493e4e37a1 Mon Sep 17 00:00:00 2001
From: dvarasani-crest <151819886+dvarasani-crest@users.noreply.github.com>
Date: Tue, 27 Aug 2024 15:17:38 +0530
Subject: [PATCH] refactor: use reusable workflow for semgrep
---
 .github/workflows/build-test-release.yml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/build-test-release.yml b/.github/workflows/build-test-release.yml
index 9caf4913..4f967c79 100644
--- a/.github/workflows/build-test-release.yml
+++ b/.github/workflows/build-test-release.yml
@@ -59,16 +59,10 @@ jobs:
 - uses: pre-commit/action@v3.0.1
 semgrep:
- runs-on: ubuntu-latest
- name: security-sast-semgrep
 if: github.actor != 'dependabot[bot]'
- steps:
- - uses: actions/checkout@v4
- - name: Semgrep
- id: semgrep
- uses: semgrep/semgrep-action@v1
- with:
- publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
+ uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
+ secrets:
+ SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
 run-unit-tests:
 name: test-unit ${{ matrix.python-version }}
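Review bot: The added `uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main` line in the `semgrep` job references the reusable workflow by a mutable branch while the job passes it `SEMGREP_PUBLISH_TOKEN` under `secrets:`, so any later change on that branch runs with this repository's token without being reviewed here. Pin the reference to a full commit SHA, for example `uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@<full-commit-sha>  # main`, and let the dependency updater move it. The job also declares no `permissions:`; a called workflow can only narrow the caller's `GITHUB_TOKEN` scope, so unless a restrictive default is set at the top of this file (outside the hunk), adding `permissions:` with `contents: read` to the job would cap it, widened only if the scan needs to upload results. Removing `name: security-sast-semgrep` presumably changes the reported check name, so any branch-protection rule keyed on the old name should be confirmed.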