From 253308dcc542339177c656f4a065b26c6de745f3 Mon Sep 17 00:00:00 2001
From: Bram
Date: Wed, 25 Mar 2026 19:27:40 +0100
Subject: [PATCH] Add semgrep
---
 Jenkinsfile | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index b307174..845f1a8 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -35,7 +35,24 @@ pipeline {
 sh """
 docker run --rm -v "\$(pwd):/src" \
 returntocorp/semgrep \
- semgrep scan --config=auto /cmd /internal
+ semgrep scan --config=auto \
+ --sarif --output /src/semgrep.sarif \
+ /src/internal /src/cmd
+ """
+ }
+ }
+
+ stage('Upload to DefectDojo') {
+ steps {
+ sh """
+ curl -X POST "${DD_URL}/api/v2/import-scan/" \
+ -H "Authorization: Token ${DD_API_KEY}" \
+ -F "scan_type=SARIF" \
+ -F "file=@\$(pwd)/semgrep.sarif" \
+ -F "product_name=ReSendit" \
+ -F "engagement_name=Jenkins-CI" \
+ -F "auto_create_context=true" \
+ -F "close_old_findings=true"
 """
 }
 }
@@ -89,6 +106,7 @@ pipeline {
 sh 'docker logout ${REGISTRY} || true'
 sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
 sh 'docker image prune -f || true'
+ sh 'rm -f semgrep.sarif || true'
 }
 }
 }
\ No newline at end of file
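Review bot: In the new 'Upload to DefectDojo' stage the `sh """` block lets Groovy interpolate `${DD_API_KEY}` and `${DD_URL}` into the script text before the shell runs, which is the pattern Jenkins warns about for secrets: the token becomes part of the generated script instead of being read from the environment, so it can surface in a build log or shell trace. Assuming both values are bound as environment variables (the binding is outside this hunk), escape them the way `\$(pwd)` already is, e.g. `-H "Authorization: Token \${DD_API_KEY}" \`, or switch the block to `sh '''`. The curl call also has no `--fail`, so an HTTP 401 or 500 from DefectDojo still exits 0 and the stage passes with nothing imported; `curl --fail -sS -X POST "\${DD_URL}/api/v2/import-scan/" \` would surface that. Even with the escaping, the token remains visible in the agent's process list as a curl argument, so on a shared agent it is worth passing the header from a file instead.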