A GitHub Actions workflow to run Semgrep offline. This is fairly outdated, since Semgrep now ships a semgrep ci command along with example configs, but what is shown here still works for small projects.
Note: Replace 0.115.0 with the desired version.
```yaml
name: Semgrep
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
jobs:
  semgrep:
    timeout-minutes: 5
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Pin the version so the scan is reproducible; bump it deliberately.
      - run: pip install semgrep==0.115.0
      # No --config given, so Semgrep uses the rules checked into the repo
      # (.semgrep.yml or .semgrep/). --error makes findings fail the job.
      - run: semgrep --error
```
The same workflow, packaged as a composite action with a problem matcher so that findings show up as GitHub Actions checks, can be found in the Bemuse project.
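Because the workflow runs semgrep without a --config argument, it only does anything if the repository carries its own rules. The following .semgrep.yml is an added example (not part of the original note or the Bemuse project) of a minimal rule file that the workflow above would pick up; the rule id, message and pattern are my own choices.

```yaml
# .semgrep.yml at the repository root: picked up automatically when
# semgrep is run with no --config. Each finding with severity ERROR
# makes `semgrep --error` exit non-zero and fail the workflow job.
rules:
  - id: python-subprocess-shell-true
    languages: [python]
    severity: ERROR
    message: >
      subprocess call uses shell=True, which hands the command line to
      /bin/sh and allows injection if any part of it is attacker-controlled.
      Pass an argument list and drop shell=True.
    # Match any subprocess.* function (run, call, Popen, ...) that is
    # called with shell=True anywhere in its keyword arguments.
    pattern: subprocess.$FUNC(..., shell=True, ...)
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
```

Running semgrep locally from the repository root exercises the same rule the workflow uses, which is the quickest way to confirm the file is found and parses.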