From 3e7d35f65f9a61feb6b6629174f113c45f4e0213 Mon Sep 17 00:00:00 2001
From: bstack-security-github <116066275+bstack-security-github@users.noreply.github.com>
Date: Wed, 21 Jun 2023 17:26:31 +0530
Subject: [PATCH 1/4] Adding Code Scanner Semgrep.yml workflow file
---
 .github/workflows/Semgrep.yml | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/Semgrep.yml
diff --git a/.github/workflows/Semgrep.yml b/.github/workflows/Semgrep.yml
new file mode 100644
index 0000000..0347afd
--- /dev/null
+++ b/.github/workflows/Semgrep.yml 
@@ -0,0 +1,48 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
+on:
+ # Scan changed files in PRs (diff-aware scanning):
+ # The branches below must be a subset of the branches above
+ pull_request:
+ branches: ["master", "main"]
+ push:
+ branches: ["master", "main"]
+ schedule:
+ - cron: '0 6 * * *'
+
+
+permissions:
+ contents: read
+
+jobs:
+ semgrep:
+ # User definable name of this GitHub Actions job.
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ name: semgrep/ci
+ # If you are self-hosting, change the following `runs-on` value:
+ runs-on: ubuntu-latest
+
+ container:
+ # A Docker image with Semgrep installed. Do not change this.
+ image: returntocorp/semgrep
+
+ # Skip any PR created by dependabot to avoid permission issues:
+ if: (github.actor != 'dependabot[bot]')
+
+ steps:
+ # Fetch project source with GitHub Actions Checkout.
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ # Run the "semgrep ci" command on the command line of the docker image.
+ - run: semgrep ci --sarif --output=semgrep.sarif
+ env:
+ # Add the rules that Semgrep uses by setting the SEMGREP_RULES environment variable.
+ SEMGREP_RULES: p/default # more at semgrep.dev/explore
+
+ - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
+ with:
+ sarif_file: semgrep.sarif
+ if: always()
\ No newline at end of file
From f5c120ab02923269185a440abf21c99c9b7d72ff Mon Sep 17 00:00:00 2001
From: bstack-security-github <116066275+bstack-security-github@users.noreply.github.com>
Date: Mon, 3 Jul 2023 20:46:36 +0530
Subject: [PATCH 2/4] Adding CODEOWNERS file
---
 .github/CODEOWNERS | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 7e1f1b4..09a587d 100644
--- a/.github/CODEOWNERS 
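Review bot: The scanner image `image: returntocorp/semgrep` carries no tag or digest, so every run pulls whatever the registry's floating default tag currently points at, while the checkout and upload-sarif actions a few lines below in the same hunk are pinned to commit SHAs; pin the image the same way, e.g. `image: returntocorp/semgrep:<VERSION>  # or returntocorp/semgrep@sha256:<DIGEST>` (placeholders). The comment `# The branches below must be a subset of the branches above` refers to nothing in this file (there is no earlier branch list), so it looks carried over from a template and should be dropped. Because `pull_request` runs from forks get a read-only GITHUB_TOKEN, the `security-events: write` grant presumably does not apply to them and the SARIF upload under `if: always()` would fail there; gating that step on the PR coming from the same repository would avoid a permanently red check on fork PRs. The file also ends without a trailing newline.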
+++ b/.github/CODEOWNERS
@@ -1 +1,3 @@
 .github/* @browserstack/asi-devs
+
+* @browserstack/automate-public-repos
From 255bf48b4d49cc88b724876271ebb7216ee1dfaa Mon Sep 17 00:00:00 2001
From: Neha Agarwal
Date: Mon, 10 Jul 2023 11:25:38 +0530
Subject: [PATCH 3/4] Fix workflow file
---
 .github/workflows/reviewing_changes.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/reviewing_changes.yml b/.github/workflows/reviewing_changes.yml
index 30660c0..d53e714 100644
--- a/.github/workflows/reviewing_changes.yml
+++ b/.github/workflows/reviewing_changes.yml
@@ -6,8 +6,8 @@ name: NodeJS SDK Test workflow on workflow_dispatch
 on:
 workflow_dispatch:
 inputs:
- pull_request_number:
- description: 'The pull request number to build'
+ commit_sha:
+ description: 'The commit id to build'
 required: true

 jobs:
@@ -27,16 +27,12 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 with:
- ref: refs/pull/${{ github.event.inputs.pull_request_number }}/head
- - name: Fetch Commit SHA
- run: |
- git log -1 --format='%H'
- echo "commit_sha=$(git log -1 --format='%H')" >> $GITHUB_ENV
- echo "commit_sha=$(git log -1 --format='%H')" >> $env:GITHUB_ENV
+ ref: ${{ github.event.inputs.commit_sha }}
 - uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
 id: status-check-in-progress
 env:
 job_name: NodeJS-selenium Repo ${{ matrix.node }} - ${{ matrix.os }} Sample
+ commit_sha: ${{ github.event.inputs.commit_sha }}
 with:
 github-token: ${{ github.token }}
 script: |
@@ -74,6 +70,7 @@ jobs:
 env:
 conclusion: ${{ job.status }}
 job_name: NodeJS-selenium Repo ${{ matrix.node }} - ${{ matrix.os }} Sample
+ commit_sha: ${{ github.event.inputs.commit_sha }}
 with:
 github-token: ${{ github.token }}
 script: |
From 2c821df17bd43ea39b248046a35b17fabec646bc Mon Sep 17 00:00:00 2001 
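Review bot: The new catch-all `* @browserstack/automate-public-repos` is appended after `.github/* @browserstack/asi-devs`, and in CODEOWNERS the last matching pattern takes precedence, so every file under `.github/` (workflows included) now resolves to automate-public-repos rather than asi-devs, which is presumably the reverse of the intent. Put the catch-all first so the more specific rule wins: `* @browserstack/automate-public-repos` on line 1, then `.github/* @browserstack/asi-devs`.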
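Review bot: `ref: ${{ github.event.inputs.commit_sha }}` passes the workflow_dispatch input straight to actions/checkout, which accepts any ref, so a branch or tag name is checked out just as readily as a commit id even though the input is documented as one; the same unvalidated value is then exported as `commit_sha` to the github-script steps (here and again in the hunk at `@@ -74,6 +70,7 @@`), which presumably report a status against it, so a non-SHA value would likely misdirect that report rather than fail loudly. A cheap guard is a step placed before checkout, `- run: '[[ "$SHA" =~ ^[0-9a-f]{40}$ ]]'` with `shell: bash` and `env: { SHA: "${{ github.event.inputs.commit_sha }}" }`, which also matches the "full commit id" wording the follow-up patch adds. Separately, the context line `- uses: actions/checkout@v3` uses a mutable tag while `actions/github-script` two lines below is pinned to a commit SHA; pinning checkout the same way keeps the file's supply-chain posture consistent. The job body continues outside this hunk.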
From: Neha Agarwal
Date: Mon, 10 Jul 2023 13:07:57 +0530
Subject: [PATCH 4/4] Fix workflow file
---
 .github/workflows/reviewing_changes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/reviewing_changes.yml b/.github/workflows/reviewing_changes.yml
index d53e714..090ebed 100644
--- a/.github/workflows/reviewing_changes.yml
+++ b/.github/workflows/reviewing_changes.yml
@@ -7,7 +7,7 @@ on:
 workflow_dispatch:
 inputs:
 commit_sha:
- description: 'The commit id to build'
+ description: 'The full commit id to build'
 required: true

 jobs: