From 76572351546dcf520f8c1b230a942fea3e5a6f42 Mon Sep 17 00:00:00 2001
From: "fishbrain-terraform[bot]" <146337244+fishbrain-terraform[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 08:03:58 +0000
Subject: [PATCH] Automated: Add Semgrep Github action
---
 .github/workflows/semgrep.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 6338881..77dfdcd 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -3,20 +3,27 @@
 ######################################################################################################################
 name: Semgrep
 on:
+ workflow_dispatch: {}
 pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - .github/workflows/semgrep.yml
 schedule:
- - cron: '0 2 * * 0' # Once a week at 2am.
+ - cron: "0 2 * * 0" # Once a week at 2am.
 jobs:
 semgrep:
 name: Scan
 runs-on: warp-ubuntu-latest-x64-2x
 timeout-minutes: 15 # There's been issues with some runs hanging. This times out after 15 minutes instead of the default 360.
+ env:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
 container:
- image: returntocorp/semgrep
+ image: semgrep/semgrep
 if: (github.actor != 'dependabot[bot]')
 steps:
 - uses: actions/checkout@v4
 - run: semgrep ci
- env:
- SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
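Review bot: Moving `SEMGREP_APP_TOKEN` from the `semgrep ci` step's `env:` to the job-level `env:` exposes the secret to every step in the job, including `actions/checkout@v4`, which has no use for it. Keeping the two `env:` lines under `- run: semgrep ci` preserves the narrower scope. The new `image: semgrep/semgrep` has no tag or digest, so each run pulls whatever the registry currently serves into a job that holds that token; pinning it as `image: semgrep/semgrep@sha256:<digest-placeholder>` would make the scanner image reviewable and reproducible. The visible lines also show no `permissions:` key on the job, so unless one is set elsewhere, adding `permissions:` with `contents: read` would limit what the job's GITHUB_TOKEN can do.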