action.yaml

name: Semgrep x semgrep-rules-manager
description: Runs Semgrep with all rules from semgrep-rules-manager.
author: George-Andrei Iosif
branding:
  icon: search
  color: green
runs:
  using: 'composite'
  steps:
    - name: Download additional rules from third-party rules
      shell: bash
      run: |
        pip install semgrep-rules-manager
        mkdir /tmp/rules
        semgrep-rules-manager --dir /tmp/rules download
    - name: Install Semgrep
      id: semgrep-install
      shell: bash
      run: |
        pip install semgrep
    - name: Use the current repository
      uses: actions/checkout@v3
    - name: Run Semgrep with the additional rules
      shell: bash
      run: |
        semgrep ci --sarif --output=semgrep.sarif
      env:
        SEMGREP_RULES: "/tmp/rules"
    - name: Upload SARIF file for GitHub Advanced Security Dashboard
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: semgrep.sarif
      if: always()