ci: add semgrep job

Matt Peake · Matt Peake · commit ae81e30c98e1 · 2024-01-11T14:23:44.000-05:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,6 +2,7 @@ version: 2.1
 
 orbs:
   node: circleci/node@5.0.2
+  secops: apollo/circleci-secops-orb@2.0.6
 
 commands:
   install-volta:
@@ -95,3 +96,16 @@ workflows:
       - Linting
       - Query Check
       - Generated Types Check
+  security-scans:
+    jobs:
+      - secops/gitleaks:
+          context:
+            - secops-oidc
+            - github-orb
+          git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>
+          git-revision: << pipeline.git.revision >>
+      - secops/semgrep:
+          context:
+              - secops-oidc
+              - github-orb
+          git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>
