As part of work to improve our OpenSSF Scorecard result, the maintainers believe we should move from the free version of Semgrep (not recognized by the OpenSSF Scorecard) to CodeQL.
See the scorecard docs for details: https://github.com/ossf/scorecard/blob/76c3e11cee0b6c358ec6b328605537d2be0e8970/docs/checks.md#sast
The workflow to replace is: https://github.com/finos/FDC3/blob/main/.github/workflows/semgrep.yml