From c8a50e80f77261346a373e82bea92f730d944098 Mon Sep 17 00:00:00 2001 From: "semgrep.dev on behalf of @Meghana-Kalwal" Date: Tue, 16 Dec 2025 09:46:58 +0000 Subject: [PATCH 1/4] Add Semgrep CI --- .github/workflows/semgrep.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/semgrep.yml diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml new file mode 100644 index 0000000..6407f1d --- /dev/null +++ b/.github/workflows/semgrep.yml @@ -0,0 +1,26 @@ +on: + workflow_dispatch: {} + pull_request: {} + push: + branches: + - main + - master + paths: + - .github/workflows/semgrep.yml + schedule: + # random HH:MM to avoid a load spike on GitHub Actions at 00:00 + - cron: 20 20 * * * +name: Semgrep +jobs: + semgrep: + name: semgrep/ci + runs-on: ubuntu-latest + permissions: + contents: read + env: + SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} + container: + image: semgrep/semgrep + steps: + - uses: actions/checkout@v4 + - run: semgrep ci From dfa4d37eae425cc2ec6c8e044e5be284dbe58210 Mon Sep 17 00:00:00 2001 From: Meghana Date: Fri, 19 Dec 2025 18:40:22 +0530 Subject: [PATCH 2/4] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d4a49dd..41a1546 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Damn Simple Vulnerable Python Web Application +// test commit for sonar quality gate + **DSVPWA** is a simple web application written in Python and mainly inspired by [DSVW](https://github.com/stamparm/DSVW). It is deliberately vulnerable for educational purposes to demonstrate some of the [OWASP TOP Ten](https://owasp.org/www-project-top-ten/) security risks and other vulnerabilities. It supposed to be used locally in a virtual machine or in a Docker container. ## Features From ad940344801348ae34e216b776d3d385a3e9ffcd Mon Sep 17 00:00:00 2001 
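Review bot: The scan runs in `container: image: semgrep/semgrep` with no tag or digest, so every run pulls whatever the registry currently serves as `latest` and the scanner itself becomes an unpinned, silently-updating dependency of the security gate; pin it, e.g. `image: semgrep/semgrep:<VERSION>@sha256:<DIGEST>` (placeholders). The same applies more mildly to `actions/checkout@v4`, a mutable tag that can be pinned to a commit SHA the way the last patch in this series pins its action. Because `pull_request: {}` also fires for pull requests from forks, where repository secrets are not exposed, `SEMGREP_APP_TOKEN` expands to an empty string on those runs; it is worth confirming what `semgrep ci` does without a token and recording it in a comment such as `# SEMGREP_APP_TOKEN is not available on pull requests from forks`.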
From: Meghana Date: Fri, 19 Dec 2025 18:41:16 +0530 Subject: [PATCH 3/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 41a1546..ff0e398 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Damn Simple Vulnerable Python Web Application -// test commit for sonar quality gate +// define DSVPWA **DSVPWA** is a simple web application written in Python and mainly inspired by [DSVW](https://github.com/stamparm/DSVW). It is deliberately vulnerable for educational purposes to demonstrate some of the [OWASP TOP Ten](https://owasp.org/www-project-top-ten/) security risks and other vulnerabilities. It supposed to be used locally in a virtual machine or in a Docker container. From 9fe29debee3f0cd5cec3fd07449699d46d0c6e12 Mon Sep 17 00:00:00 2001 From: Meghana Date: Tue, 23 Dec 2025 13:22:24 +0530 Subject: [PATCH 4/4] Create up_semgrep.yml --- .github/workflows/up_semgrep.yml | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/up_semgrep.yml diff --git a/.github/workflows/up_semgrep.yml b/.github/workflows/up_semgrep.yml new file mode 100644 index 0000000..e3784a0 --- /dev/null +++ b/.github/workflows/up_semgrep.yml 
@@ -0,0 +1,49 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow file requires a free account on Semgrep.dev to +# manage rules, file ignores, notifications, and more. +# +# See https://semgrep.dev/docs + +name: Semgrep + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '37 23 * * 3' + +permissions: + contents: read + +jobs: + semgrep: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Scan + runs-on: ubuntu-latest + steps: + # Checkout project source + - uses: actions/checkout@v4 + + # Scan code using project's configuration on https://semgrep.dev/manage + - uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735 + with: + publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} + publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} + generateSarif: "1" + + # Upload SARIF file generated in previous step + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: semgrep.sarif + if: always()
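Review bot: This second workflow is also `name: Semgrep` and also fires on `push` to `main` and on `pull_request`, so it overlaps the `semgrep.yml` added in the first patch of this series: each push and PR is scanned twice and two checks with the same display name appear, which makes it unclear which one a branch-protection rule should require. Either drop one of the two workflows or give this one a distinct name, e.g. `name: Semgrep (SARIF upload)`. As far as I know the `security-events: write` grant is only honoured for pull requests from the same repository, so on fork PRs the `upload-sarif` step is likely to fail with a read-only token; consider guarding it with `if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)`. The pinned `returntocorp/semgrep-action` is, to my knowledge, no longer maintained by Semgrep, which instead recommends running `semgrep ci` in its container as the first patch does — worth confirming before relying on it.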