From 4b9c48238449137b6cda500c1fd153ed7ed5d8a1 Mon Sep 17 00:00:00 2001
From: Dmitry Galenko
Date: Mon, 21 Nov 2022 08:10:21 +0100
Subject: [PATCH] Fix empty workflow
---
.../workflows/sec_sast_flawfinder_pull.yml | 28 +++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/.github/workflows/sec_sast_flawfinder_pull.yml b/.github/workflows/sec_sast_flawfinder_pull.yml
index e69de29bb..8fe3632b4 100644
--- a/.github/workflows/sec_sast_flawfinder_pull.yml
+++ b/.github/workflows/sec_sast_flawfinder_pull.yml
@@ -0,0 +1,28 @@
+---
+name: Semgrep Differential Scan
+on:
+ pull_request
+
+jobs:
+
+ semgrep-diff:
+ runs-on: ubuntu-latest
+ container:
+ image: returntocorp/semgrep
+
+ steps:
+
+ # step 1
+ - name: clone application source code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ # step 2
+ - name: differential scan
+ run: |
+ semgrep scan \
+ --error \
+ --metrics=off \
+ --baseline-commit ${{ github.event.pull_request.base.sha }} \
+ --config="p/default"
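Review bot: The job pulls its scanner by floating references (`image: returntocorp/semgrep` carries no tag or digest, and `uses: actions/checkout@v3` is a mutable tag), so the code that gates pull requests can change without any commit in this repository. Pin both to immutable references, e.g. `image: returntocorp/semgrep@sha256:<digest>` and `uses: actions/checkout@<full-commit-sha>` (placeholders; take the values from the releases you have vetted). The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with only `contents: read` is enough for a checkout plus scan. Separately, the file is named sec_sast_flawfinder_pull.yml while the workflow is titled "Semgrep Differential Scan" and runs semgrep, which will mislead anyone auditing which SAST tools run on pull requests.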