evm
evm copied to clipboard
rmrk-team
Create codeql.yml
Description
Testing automated solidity code analysis on each PR using this: https://github.com/Decurity/semgrep-smart-contracts
Checklist
- [ ] Verified code additions
- [ ] Updated NatSpec comments (if applicable)
- [ ] Regenerated docs
- [ ] Ran prettier
- [ ] Added tests to fully cover the changes
PR-Codex overview
This PR focuses on adding a GitHub Actions workflow to run Semgrep for scanning changed files in pull requests and on-demand.
Detailed summary
- Added a new GitHub Actions workflow named "Run Semgrep"
- Configured the workflow to scan changed files in pull requests and on-demand
- Specified the job to run on Ubuntu latest
- Used the
returntocorp/semgrepDocker image for the job - Skipped PRs created by dependabot
- Added steps to fetch project source and semgrep rules
- Ran security and gas optimization rules using semgrep
- Uploaded findings to GitHub Advanced Security Dashboard
✨ Ask PR-Codex anything about this PR by commenting with
/codex {your question}
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
![github-advanced-security[bot] avatar](https://avatars.githubusercontent.com/in/57789?v=4 "Published by a pub.dev verified publisher"){kind=small}