migrated from semgrep action to cli

deviant101 · deviant101 · commit d47578629f38 · 2025-12-03T00:20:40.000+05:00
diff --git a/.github/workflows/devsecops-pipeline.yml b/.github/workflows/devsecops-pipeline.yml
@@ -85,19 +85,10 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Run Semgrep
-        uses: returntocorp/semgrep-action@v1
-        continue-on-error: true
-        with:
-          config: >-
-            p/security-audit
-            p/nodejs
-            p/owasp-top-ten
-            p/javascript
-          generateSarif: true
-
-      - name: Generate JSON results
-        if: always()
+      - name: Install Semgrep
+        run: pip3 install semgrep
+
+      - name: Run Semgrep scan
         continue-on-error: true
         run: |
           semgrep --config "p/security-audit" --config "p/nodejs" --config "p/owasp-top-ten" --config "p/javascript" --json --output semgrep-results.json . || echo "Semgrep scan completed"
@@ -107,9 +98,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: semgrep-results
-          path: |
-            semgrep-results.json
-            semgrep.sarif
+          path: semgrep-results.json
 
   # Stage 6: Dependency Scanning
   dependency-scan:
