diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 97c172f8..9ce34037 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -41,7 +41,7 @@ jobs:
         token: ${{ secrets.CODECOV_TOKEN }}
 
   semgrep:
-    name: semgrep/ci
+    name: semgrep
     runs-on: ubuntu-20.04
     env:
       SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/semgrep.yml b/semgrep.yml
new file mode 100644
index 00000000..4455edbe
--- /dev/null
+++ b/semgrep.yml
@@ -0,0 +1,11 @@
+rules:
+- id: range-over-map
+  pattern-either:
+  - pattern: |
+      for $K, $V := range ($MAP : map[$KT]$VT) { ... }
+  - pattern: |
+      for $K := range ($MAP : map[$KT]$VT) { ... }
+  message: Ranging over a map is non deterministic
+  languages:
+  - go
+  severity: ERROR