From b5980ccce256953eb1d56decdf4bd151077c3fae Mon Sep 17 00:00:00 2001
From: Hermann_Kitio <hermannkitio94@gmail.com>
Date: Thu, 23 Apr 2026 02:46:41 +0300
Subject: [PATCH] ci(semgrep): scan SAST --severity=ERROR (FTD-28)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c95e8d..55d7b24 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,3 +18,7 @@ jobs:
       - run: npm ci
       - run: npm run test
       - run: npm audit --audit-level=high
+      - name: Install Semgrep
+        run: python3 -m pip install --user semgrep
+      - name: Semgrep scan
+        run: semgrep scan --config=auto --error --severity=ERROR