From b6d93411849d049d5bdac07fbe4526b50f555787 Mon Sep 17 00:00:00 2001
From: Scott Fryer <60462088+steelhead31@users.noreply.github.com>
Date: Wed, 6 Mar 2024 12:39:01 +0000
Subject: [PATCH 1/3] Add Semgrep Diff GHA
---
 .github/workflows/semgrep_diff.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/semgrep_diff.yml
diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml
new file mode 100644
index 000000000..32b28382d
--- /dev/null
+++ b/.github/workflows/semgrep_diff.yml
@@ -0,0 +1,23 @@
+---
+name: Semgrep Differential Scan
+on:
+ pull_request:
+
+jobs:
+ semgrep-diff:
+ runs-on: ubuntu-latest
+ container:
+ image: returntocorp/semgrep
+
+ steps:
+ # Step 1: Clone application source code
+ - name: Checkout code
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ with:
+ fetch-depth: 0
+
+ # Step 2: Differential scan
+ - name: Differential scan
+ run: |
+ semgrep ci \
+ --config="p/trailofbits"
From ef5d69c6cd0e8abb12c61c646165d42490a75443 Mon Sep 17 00:00:00 2001
From: Scott Fryer <60462088+steelhead31@users.noreply.github.com>
Date: Wed, 6 Mar 2024 12:51:58 +0000
Subject: [PATCH 2/3] Create .semgrepignore
---
 .semgrepignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .semgrepignore
diff --git a/.semgrepignore b/.semgrepignore
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/.semgrepignore
@@ -0,0 +1 @@
+
From 095a3b9fe0cc34a14b13f7fdc11a40e38ebf6133 Mon Sep 17 00:00:00 2001
From: Scott Fryer <60462088+steelhead31@users.noreply.github.com>
Date: Thu, 2 May 2024 14:05:10 +0100
Subject: [PATCH 3/3] Use centralised GHA workflow
---
 .github/workflows/semgrep_diff.yml | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml
index 32b28382d..cb5f22881 100644
--- a/.github/workflows/semgrep_diff.yml
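Review bot: The `image: returntocorp/semgrep` line in the new job pulls an untagged image, so each run resolves to whatever `latest` is at that moment, while the `actions/checkout` step a few lines below in the same hunk is pinned to a full commit SHA with a version comment; the scanner itself is the least-pinned component of the workflow. Pinning the container by digest, `image: returntocorp/semgrep@sha256:<digest-placeholder>`, gives the scan a reproducible toolchain and a reviewable upgrade path. The job also declares no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` grant; `permissions:` with `contents: read` is all the checkout needs. PATCH 3/3 in this series replaces the inline job with a reusable workflow, so both points only matter if the inline job is kept.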
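Review bot: The new `.semgrepignore` consists of a single empty line, and that is not a no-op: as far as I recall Semgrep applies its built-in default ignore list only when no `.semgrepignore` file exists, so committing an empty one widens the scan to paths the defaults would have skipped (test and vendor directories, for example). If scanning everything is the intent, a comment in the file saying so, `# Intentionally empty: scan all paths, including Semgrep's default-ignored ones`, keeps the next maintainer from "fixing" it; if it is not, the default entries should be listed here. Whether the centralised workflow introduced in PATCH 3/3 honours this repository's `.semgrepignore` cannot be seen from this series and should be confirmed against that workflow.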
+++ b/.github/workflows/semgrep_diff.yml
@@ -5,19 +5,4 @@ on:
 jobs:
 semgrep-diff:
- runs-on: ubuntu-latest
- container:
- image: returntocorp/semgrep
-
- steps:
- # Step 1: Clone application source code
- - name: Checkout code
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- with:
- fetch-depth: 0
-
- # Step 2: Differential scan
- - name: Differential scan
- run: |
- semgrep ci \
- --config="p/trailofbits"
+ uses: adoptium/.github/.github/workflows/semgrep_diff.yml@main
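Review bot: The added `uses: adoptium/.github/.github/workflows/semgrep_diff.yml@main` line calls the reusable workflow by a mutable branch ref, so the code that runs in this repository's pull-request check can change without any commit here, whereas the removed `actions/checkout` step was pinned to a full commit SHA with a version comment; the change lowers the pinning standard this file already had. Pinning the reusable workflow the same way, `uses: adoptium/.github/.github/workflows/semgrep_diff.yml@<commit-sha-placeholder> # <tag-placeholder>`, restores it and makes upgrades of the central scan a reviewable diff. The call also passes no `secrets:` or `permissions:` keys; whether the central workflow needs either (a Semgrep token, `contents: read`) cannot be seen from this hunk and should be confirmed against it. The `semgrep-diff:` job begins in this hunk's context lines, while the `on: pull_request` trigger that gates it lies outside the hunk.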