name: Static code analysis

on: [push, pull_request]

jobs:
  semgrep:
    name: run-semgrep
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep
    steps:
    - uses: actions/checkout@v3
    - run: semgrep scan --error --config auto
      env:
        SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}