version: 2.1

orbs:
  secops: apollo/circleci-secops-orb@2.0.6

workflows:
  security-scans:
    jobs:
      - secops/gitleaks:
          context:
            - platform-docker-ro
            - github-orb
            - secops-oidc
          git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>
          git-revision: << pipeline.git.revision >>
      - secops/semgrep:
          context:
            - secops-oidc
            - github-orb
          git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>