yaml 15 lines · 1 tab

Static application security testing with Semgrep in CI

Kai Nakamura Apr 2026
1 tab
name: semgrep

on: [pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: returntocorp/semgrep-action@v1
        with:
          config: >-
            p/owasp-top-ten
            p/ruby
            p/javascript
1 file · yaml Explain with highlit

SAST is most useful when rules are actionable and fit the stack. I use Semgrep to catch dangerous patterns like command injection, weak crypto, SSRF sinks, and raw SQL interpolation. The signal stays high when teams tune rules and suppressions deliberately instead of adopting everything at once.

Share this code

Here's the card — post it anywhere.

Static application security testing with Semgrep in CI — share card
Link copied