From 2575dd8b61688931ddebbc22d5abe3ffd51c9fac Mon Sep 17 00:00:00 2001
From: "devsecops-opslevel[bot]" <168093429+devsecops-opslevel[bot]@users.noreply.github.com>
Date: Mon, 10 Mar 2025 08:40:58 +0000
Subject: [PATCH 1/2] Add dependabot.yml
---
 .github/workflows/semgrep.yml | 36 +++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..880c6b6
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,36 @@
+
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
+on:
+ # Scan changed files in PRs (diff-aware scanning):
+ pull_request: {}
+ # Scan on-demand through GitHub Actions interface:
+ workflow_dispatch: {}
+ # Scan mainline branches and report all findings:
+ push:
+ branches:
+ - main
+ - master
+ # Schedule the CI job (this method uses cron syntax):
+ schedule:
+ - cron: '30 14 * * *'
+ # or whatever time works best for your team.
+
+jobs:
+ semgrep:
+ # User definable name of this GitHub Actions job.
+ name: semgrep/ci
+ # If you are self-hosting, change the following `runs-on` value:
+ runs-on: ubuntu-latest
+
+ # Skip any PR created by dependabot to avoid permission issues:
+ if: (github.actor != 'dependabot[bot]')
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Semgrep
+ uses: utilitywarehouse/semgrep-rules/setup-semgrep@v0.6.0
+ with:
+ token: ${{ secrets.DEPLOY_GITHUB_TOKEN }}
From 9f6668806819e5e444d1a7f1f23af2a143b634c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?crypticG=C3=B8=C3=B8se?=
Date: Wed, 19 Mar 2025 16:50:17 +0200
Subject: [PATCH 2/2] Update semgrep.yml
---
 .github/workflows/semgrep.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 880c6b6..26ff59e 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
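Review bot: The new workflow declares no `permissions:` block, so the job's GITHUB_TOKEN carries the repository's default permissions (read/write on repositories that still use the older default) while it runs two tag-pinned actions, `actions/checkout@v4` and `utilitywarehouse/semgrep-rules/setup-semgrep@v0.6.0`, and hands the third-party one a separate PAT through `secrets.DEPLOY_GITHUB_TOKEN`. Add a top-level `permissions:` with `contents: read` and grant anything further only if the setup-semgrep action documents needing it; this hunk does not show its requirements, so confirm against that action's README. Pin both `uses:` refs to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, so that a moved tag cannot change the code that receives those tokens. The `on:` key is read correctly by GitHub but parses as boolean true in generic YAML 1.1 loaders, so suppress yamllint's `truthy` rule on that line rather than rewriting it. Separately, the commit subject says "Add dependabot.yml" while the only file this patch creates is .github/workflows/semgrep.yml.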
@@ -31,6 +31,6 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 - name: Semgrep
- uses: utilitywarehouse/semgrep-rules/setup-semgrep@v0.6.0
+ uses: utilitywarehouse/semgrep-rules/setup-semgrep@latest
 with:
 token: ${{ secrets.DEPLOY_GITHUB_TOKEN }}
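Review bot: Changing the `uses:` ref from `@v0.6.0` to `@latest` replaces a version tag with a mutable ref: `latest` resolves at run time to whatever branch or tag of that name exists in utilitywarehouse/semgrep-rules (and the job fails to resolve the action if no such ref exists), so the code that receives `secrets.DEPLOY_GITHUB_TOKEN` can change without any commit to this repository. Pin to an immutable full commit SHA and keep the version as a comment, `uses: utilitywarehouse/semgrep-rules/setup-semgrep@<full-commit-sha>  # v0.6.0`, and let Dependabot or Renovate open the bump PRs; the first commit's subject mentions dependabot.yml, but no such file appears in this patch, so I can't confirm `github-actions` updates are configured. If a floating ref is genuinely wanted, a major-version tag is the usual compromise, whereas `latest` is neither a conventional Actions ref nor a version the team can audit.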