Merge pull request #32 from PostHog/tom/fix-semgrep

Piccirello · web-flow · commit e1397ae673e5 · 2026-03-09T13:20:25.000-07:00
fix: unable to use custom semgrep rules
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -21,6 +21,13 @@ jobs:
             - name: Checkout
               uses: actions/checkout@v6
 
+            - name: Checkout .github repo (for custom semgrep rules)
+              uses: actions/checkout@v6
+              with:
+                  repository: PostHog/.github
+                  path: dotgithub-repo
+                  sparse-checkout: .semgrep
+
             - name: Check for .github directory
               id: check
               run: |
@@ -32,7 +39,7 @@ jobs:
               if: steps.check.outputs.exists == 'true'
               run: |
                   semgrep \
-                    --config ".semgrep/rules/" \
+                    --config "dotgithub-repo/.semgrep/rules/" \
                     --config "p/owasp-top-ten" \
                     --config "p/security-audit" \
                     --config "p/trailofbits" \
