From e737664e477010c8cf6f3b9a23480926768c454c Mon Sep 17 00:00:00 2001
From: Rostom Zouaghi
Date: Wed, 27 Mar 2024 21:52:08 +0000
Subject: [PATCH] Onboard Semgrep - add semgrep.yaml workflow
---
.github/workflows/semgrep.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/semgrep.yaml
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
new file mode 100644
index 0000000..9373547
--- /dev/null
+++ b/.github/workflows/semgrep.yaml
@@ -0,0 +1,17 @@
+name: Semgrep
+on:
+ workflow_dispatch: {}
+ pull_request: {}
+ push:
+ branches:
+ - master
+ paths:
+ - .github/workflows/semgrep.yaml
+ schedule:
+ # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+ - cron: 7 15 * * *
+
+jobs:
+ security-scan:
+ uses: permutive/github-workflows/.github/workflows/semgrep.yaml@master
+ secrets: inherit
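Review bot: The `security-scan` job calls the reusable workflow at the mutable ref `@master` and passes it every secret available to this repository through `secrets: inherit`, so any later change on that branch runs with those secrets without being reviewed here. Pin the call to a full commit SHA, `uses: permutive/github-workflows/.github/workflows/semgrep.yaml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` map naming only the secret the called workflow declares (its name is not visible in this patch). The job also sets no `permissions:`, so the token falls back to the repository default; a job-level `permissions: { contents: read }` would cap it, assuming the called workflow needs no write scope for PR comments or SARIF upload.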