From c458543b33ece595cd35456fa363275ffbd69e07 Mon Sep 17 00:00:00 2001
From: security-bot-jupiter
Date: Thu, 26 Feb 2026 13:55:45 +0530
Subject: [PATCH] feat: Add PR Semgrep Scan workflow

---
 .github/workflows/semgrep.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..a67e910
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,25 @@
+name: PR Semgrep Scan
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+      - develop
+  schedule:
+    - cron: '30 3 * * 0'
+  workflow_dispatch:
+
+jobs:
+  semgrep-scan:
+    uses: jupitermoney/security-automations/.github/workflows/semgrep-reusable-workflow.yml@develop
+    with:
+      repo-name: ${{ github.repository }}
+      pr-initiator: ${{ github.event.pull_request.user.login }}
+      highlight-findings: true
+    secrets:
+      SEMGREP_API_URL: ${{ secrets.SEMGREP_API_URL }}
+      SEMGREP_SLACK_BOT_TOKEN: ${{ secrets.SEMGREP_SLACK_BOT_TOKEN }}
+      SEMGREP_SLACK_SIGNING_SECRET: ${{ secrets.SEMGREP_SLACK_SIGNING_SECRET }}
+      SEMGREP_GITHUB_TOKEN: ${{ secrets.SEMGREP_GITHUB_TOKEN }}
+      SEMGREP_API_KEY: ${{ secrets.SEMGREP_API_KEY }}
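Review bot: The `uses:` line in the `semgrep-scan` job references the reusable workflow at the mutable branch `@develop` while handing it five secrets (API key, GitHub token, two Slack credentials, API URL), so any change pushed to that branch of `security-automations` runs with those secrets on every PR and on the weekly schedule without any review in this repository; pin it to an immutable ref instead, e.g. `uses: jupitermoney/security-automations/.github/workflows/semgrep-reusable-workflow.yml@<PINNED_COMMIT_SHA>  # vX.Y.Z`, and let a dependency bot raise the bumps. The workflow also declares no `permissions:` block, so the called workflow inherits the repository's default `GITHUB_TOKEN` scope; adding `permissions:\n  contents: read` at the top level (plus only what the reusable workflow is known to need, which is not visible here) keeps the token least-privilege. Separately, `pr-initiator: ${{ github.event.pull_request.user.login }}` evaluates to an empty string on the `schedule` and `workflow_dispatch` triggers since there is no `pull_request` payload, which is worth confirming the reusable workflow tolerates. If `pr-initiator` is ever interpolated into a `run:` step downstream it should be treated as untrusted input and passed via an env var rather than inline expansion, though that cannot be verified from this patch.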