Tweaked Semgrep rules to add the job for all commits, pushes, and MRs.

TC 2024-12-27 16:12:56 +00:00
parent 19dbd4f921
commit b5dd481de9


@ -102,11 +102,11 @@ semgrep:
image: semgrep/semgrep
rules:
# Scan changed files in MRs, (diff-aware scanning):
- if: $CI_MERGE_REQUEST_IID
# Scan mainline (default) branches and report all findings.
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $CI_PIPELINE_SOURCE == "merge_request_event" # Include all merge requests
- if: $CI_PIPELINE_SOURCE == "push" # Include all commits
- if: $CI_PIPELINE_SOURCE == "schedule" # Optionally include scheduled pipelines
- when: always # Ensure it runs if the pipeline is triggered for any other reason
variables:
# Connect to Semgrep AppSec Platform through your SEMGREP_APP_TOKEN.