This repository was archived by the owner on Sep 2, 2025. It is now read-only.
SECENG-1297 [skip ci] Create non-blocking workflow for static code analysis upon PR#7
Open
What is this?
The Security Team would like to run the static analysis tool Semgrep on every Merge Request (MR) across all Navan code repositories. Semgrep will be used to identify security vulnerabilities within code written by Navan developers.
How will this impact my development workflows?
Semgrep should have zero impact. It will run on every single merge request, but it is not going to block or fail your MR right now. We know some of you have had concerns with Apiiro blocking your merge requests, and we worked hard to resolve them. In the case of Semgrep, we are simply not enabling it in blocking mode.
How is it different from Apiiro? Why do we need both?
Semgrep analyzes data and code flow, and identifies issues within the source code. Apiiro currently only analyzes third-party dependencies used in each code repository or secrets used for source code. These tools are complementary, and we need both to identify different classes of security issues.
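As an added illustration of the non-blocking mode described above (this is not the workflow file from this PR, whose contents are not shown here), a GitHub Actions workflow that runs Semgrep on every pull request without ever failing the check could look like the following. GitHub Actions as the CI system, the `p/default` ruleset, the action versions and the artifact name are all assumptions.

```yaml
name: semgrep-non-blocking
on:
  pull_request:

permissions:
  contents: read

jobs:
  semgrep:
    runs-on: ubuntu-latest
    # Official Semgrep container image; pinning a tag or digest in practice is assumed.
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4

      # Scan the repository and write a SARIF report. "--error" makes Semgrep
      # exit non-zero when it has findings, so the step's own status still
      # reflects the result, but continue-on-error keeps the job (and therefore
      # the PR check) green regardless. "p/default" is an assumed ruleset.
      - name: Semgrep scan
        continue-on-error: true
        run: semgrep scan --config p/default --sarif --output semgrep.sarif --error

      # Keep the report for the security team to triage even though the job passes.
      - name: Upload findings
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: semgrep-sarif
          path: semgrep.sarif
```

The only line that makes this non-blocking is `continue-on-error: true`: the step is recorded as failed-but-tolerated, the job succeeds, and the findings are still preserved in the uploaded SARIF artifact. Removing that line (and, if desired, adding the job to the repository's required status checks) is what switching the same workflow to blocking mode would look like.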