name: Semgrep
on:
  pull_request: {}
  push:
     branches: ["master"] 
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
    steps:
      - uses: actions/checkout@v2
      - uses: returntocorp/semgrep-action@v1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}