yaml
15 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
name: semgrep
on: [pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: returntocorp/semgrep-action@v1
with:
config: >-
p/owasp-top-ten
p/ruby
p/javascript
1 file · yaml
Explain with highlit
SAST is most useful when rules are actionable and fit the stack. I use Semgrep to catch dangerous patterns like command injection, weak crypto, SSRF sinks, and raw SQL interpolation. The signal stays high when teams tune rules and suppressions deliberately instead of adopting everything at once.
Share this code
Here's the card — post it anywhere.