From 76fee8a1beda595b03cc17689f4af8dff5de1b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cswati31196=E2=80=9D?=
Date: Mon, 10 Jan 2022 15:12:10 +0530
Subject: [PATCH 1/2] Semgrep Integration
---
 .github/workflows/security.yml | 49 ++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..d4583e00
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,49 @@
+name: SecurityChecks
+on:
+ pull_request: {}
+ push:
+ branches: ["master"]
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: [self-hosted]
+ steps:
+ - uses: actions/checkout@v2
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+ publishDeployment: 339
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ workflow_status:
+ runs-on: [ self-hosted ]
+ name: Update Status Check
+ needs: [ semgrep ]
+ if: always()
+ env:
+ githubCommit: ${{ github.event.pull_request.head.sha }}
+ steps:
+ - name: Set github commit id
+ run: |
+ if [ "${{ github.event_name }}" = "push" ]; then
+ echo "githubCommit=${{ github.sha }}" >> $GITHUB_ENV
+ fi
+ exit 0
+ - name: Failed
+ id: failed
+ if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+ run: |
+ echo 'Failing the workflow for github security status check.'
+ curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+ -d '{ "state" : "failure" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+ https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
+ exit 1
+ - name: Success
+ if: steps.failed.conclusion == 'skipped'
+ run: |
+ echo 'Status check has passed!'
+ curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+ -d '{ "state" : "success" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+ https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
+ exit 0
From 793beb23d09a4dad99573dfeaef0211c2441b950 Mon Sep 17 00:00:00 2001
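Review bot: Both `curl` calls in the `Failed` and `Success` steps run without `--fail`, so a rejected status POST (for example a 403 when `github.token` lacks `statuses: write`, or a 4xx when `githubCommit` is empty) only prints the error body and the step still exits 0, leaving no status on the commit while the job reports green; change both to `curl -sS --fail -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \` so a failed publication fails the step. The workflow declares no `permissions:` block, so both jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read` and `statuses: write` limits the token to what the scan and the status update actually need. The action references `actions/checkout@v2` and `returntocorp/semgrep-action@v1` are mutable tags; pinning each to a full commit SHA (with the tag in a trailing comment) limits exposure to a retagged or compromised upstream. The trailing `exit 0` in the `Set github commit id` and `Success` steps is redundant and can be dropped.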
From: swati31196 <30949703+swati31196@users.noreply.github.com>
Date: Mon, 10 Jan 2022 17:22:22 +0530
Subject: [PATCH 2/2] Update security.yml
---
 .github/workflows/security.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index d4583e00..e1f5a7f6 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -6,7 +6,7 @@ on:
 jobs:
 semgrep:
 name: Scan
- runs-on: [self-hosted]
+ runs-on: [ubuntu-latest]
 steps:
 - uses: actions/checkout@v2
 - uses: returntocorp/semgrep-action@v1
@@ -17,7 +17,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 workflow_status:
- runs-on: [ self-hosted ]
+ runs-on: [ ubuntu-latest ]
 name: Update Status Check
 needs: [ semgrep ]
 if: always()
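Review bot: The two replaced `runs-on` lines use different flow-sequence spacing, `[ubuntu-latest]` in the `semgrep` job and `[ ubuntu-latest ]` in `workflow_status`, so the same value is written two ways a few lines apart. With a single label the plain scalar `runs-on: ubuntu-latest` on both lines is the conventional form and removes the inconsistency. Both hunks sit inside the `jobs:` mapping, which starts and ends outside the hunks.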