From de69b3ff162598f5367a49c36b26153fbdad0a3b Mon Sep 17 00:00:00 2001
From: Hermann_Kitio <hermannkitio94@gmail.com>
Date: Thu, 23 Apr 2026 02:46:19 +0300
Subject: [PATCH] ci(semgrep): scan SAST --severity=ERROR (FTD-28)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8484718..5ee3f7c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,3 +21,7 @@ jobs:
       - run: npm run typecheck
       - run: npm run test
       - run: npm audit --audit-level=high
+      - name: Install Semgrep
+        run: python3 -m pip install --user semgrep
+      - name: Semgrep scan
+        run: semgrep scan --config=auto --error --severity=ERROR