feat(ci): reenable semgrep sarif file exports (#101)

Signed-off-by: Tobias Brumhard <[email protected]>
SchwarzIT · Apr 8, 2022 · d97730d · d97730d
1 parent f06816b
commit d97730d
Showing 1 changed file with 6 additions and 9 deletions.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -4,10 +4,6 @@ on:
   # Scan changed files in PRs, block on new issues only (existing issues ignored)
   pull_request: {}
 
-  # Scan all files on branches, block on any issues
-  # push:
-  #   branches: ["master", "main"]
-
 jobs:
   semgrep:
     name: Scan
@@ -25,10 +21,11 @@ jobs:
             p/docker
             p/dockerfile
             p/command-injection
-          # generateSarif: "1"
+          generateSarif: "1"
 
       # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
-      # - name: Upload SARIF file for GitHub Advanced Security Dashboard
-      #   uses: github/codeql-action/upload-sarif@f5d822707ee6e8fb81b04a5c0040b736da22e587 # tag=v1.1.4
-      #   with:
-      #     sarif_file: semgrep.sarif
+      - name: Upload SARIF file for GitHub Advanced Security Dashboard
+        uses: github/codeql-action/upload-sarif@f5d822707ee6e8fb81b04a5c0040b736da22e587 # tag=v1.1.4
+        with:
+          sarif_file: semgrep.sarif
+        if: always()