From f01077e155924779e5b6b132f452f757b59da9f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cswati31196=E2=80=9D?=
Date: Fri, 5 Aug 2022 18:02:17 +0530
Subject: [PATCH] semgrep and dependabot intg
---
.github/dependabot.yml | 8 ++++++++
.github/workflows/security.yml | 20 ++++++++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/security.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..60349843
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: daily
+ time: "04:00"
+ timezone: Asia/Calcutta
\ No newline at end of file
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..d009c133
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,20 @@
+name: Security
+on:
+ workflow_dispatch:
+ pull_request: { }
+ push:
+ branches: [ "dev" ]
+ schedule:
+ - cron: '30 20 * * *'
+jobs:
+ security-sast:
+ uses: razorpay/security-action/.github/workflows/semgrep.yml@master
+ secrets:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+ security-statuscheck:
+ needs: [ security-sast ]
+ if: always()
+ uses: razorpay/security-action/.github/workflows/status_check.yml@master
+ with:
+ WORKFLOW_RESULT: ${{ needs.security-sast.result == 'success' && needs.security-sast.result != 'cancelled' || 'false' }}
\ No newline at end of file
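Review bot: Only the `gomod` ecosystem is listed under `updates:`, yet this same commit adds a workflow that depends on reusable workflows from another repository, and nothing here tracks those references. Consider a second entry, `- package-ecosystem: github-actions` with `directory: "/"` and its own `schedule:`, so workflow dependencies arrive through the same reviewed update PRs. As far as I know Dependabot proposes bumps only for refs that are tags or tagged commit SHAs, not for a branch ref, so this pays off once the workflow refs are pinned. The file also ends without a trailing newline.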
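Review bot: Both `uses:` lines reference `razorpay/security-action` at `@master`, a mutable branch, and the `security-sast` job hands `SEMGREP_APP_TOKEN` to whatever that branch contains at run time. Pinning to a reviewed commit, `uses: razorpay/security-action/.github/workflows/semgrep.yml@<full-commit-sha>` (and likewise for `status_check.yml`), turns any change to the called workflow into an explicit, reviewable bump. The workflow also declares no `permissions:` block, so the called workflows inherit the repository default for `GITHUB_TOKEN`; a top-level `permissions:` with `contents: read` is the least-privilege starting point, widened only if the called workflows need more (not visible from this hunk). In `WORKFLOW_RESULT`, the `!= 'cancelled'` clause is redundant after `== 'success'`, and the expression yields boolean `true` on success but the string `'false'` otherwise, which is worth confirming against what `status_check.yml` expects.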