Add semgrep

Jenkinsfile

@@ -35,7 +35,24 @@ pipeline {
         sh """
           docker run --rm -v "\$(pwd):/src" \
             returntocorp/semgrep \
-            semgrep scan --config=auto /cmd /internal
+            semgrep scan --config=auto \
+            --sarif --output /src/semgrep.sarif \
+            /src/internal /src/cmd
+        """
+      }
+    }
+
+    stage('Upload to DefectDojo') {
+      steps {
+        sh """
+          curl -X POST "${DD_URL}/api/v2/import-scan/" \
+            -H "Authorization: Token ${DD_API_KEY}" \
+            -F "scan_type=SARIF" \
+            -F "file=@\$(pwd)/semgrep.sarif" \
+            -F "product_name=ReSendit" \
+            -F "engagement_name=Jenkins-CI" \
+            -F "auto_create_context=true" \
+            -F "close_old_findings=true"
         """
       }
     }
@@ -89,6 +106,7 @@ pipeline {
       sh 'docker logout ${REGISTRY} || true'
       sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
       sh 'docker image prune -f || true'
+      sh 'rm -f semgrep.sarif || true'
     }
   }
 }