From e66f4c5ec78b2892c823d00fd3b36d4f86480d2a Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh
Date: Fri, 24 May 2024 10:10:21 +0100
Subject: [PATCH] Disabling Veracode + Semgrep scans (#5316)
---
.github/actions/sourceclear/Dockerfile | 5 ----
.github/actions/sourceclear/action.yml | 9 ------
.github/actions/sourceclear/entrypoint.sh | 26 -----------------
.github/workflows/security-scan.yml | 21 --------------
.github/workflows/semgrep.yml | 34 -----------------------
5 files changed, 95 deletions(-)
delete mode 100644 .github/actions/sourceclear/Dockerfile
delete mode 100644 .github/actions/sourceclear/action.yml
delete mode 100755 .github/actions/sourceclear/entrypoint.sh
delete mode 100644 .github/workflows/security-scan.yml
delete mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/actions/sourceclear/Dockerfile b/.github/actions/sourceclear/Dockerfile
deleted file mode 100644
index e22853a74cd..00000000000
--- a/.github/actions/sourceclear/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM node:16
-RUN apt-get update
-RUN apt-get install -y --no-install-recommends curl jq
-COPY entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/.github/actions/sourceclear/action.yml b/.github/actions/sourceclear/action.yml
deleted file mode 100644
index 7a27be95d90..00000000000
--- a/.github/actions/sourceclear/action.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: 'SourceClear Scan'
-description: 'Scan a project with the SourceClear agent'
-author: 'SourceClear'
-secrets:
- SRCCLR_API_TOKEN:
- description: 'The API token to use'
-runs:
- using: 'docker'
- image: 'Dockerfile'
diff --git a/.github/actions/sourceclear/entrypoint.sh b/.github/actions/sourceclear/entrypoint.sh
deleted file mode 100755
index 9108988b3b8..00000000000
--- a/.github/actions/sourceclear/entrypoint.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh -l
-echo "Download srcclr ci script ..."
-curl -sSL https://download.sourceclear.com/ci.sh --output srcclr.sh
-echo "Script saved to srcclr.sh"
-chmod a+x srcclr.sh
-echo "Script execution rights added"
-
-packages=$(yarn --silent workspaces info | jq '.[].location' | sed 's/\"//g')
-
-# scan each folder
-echo "Starting scan on . (root) ..."
-./srcclr.sh scan .
-echo "Scan completed on . (root)"
-
-for folder in $packages;
-do
- echo "Starting scan on ./$folder ..."
- echo "> ln -s yarn.lock ./$folder/yarn.lock"
- cp yarn.lock ./$folder/yarn.lock
- ls -l ./$folder
- echo "> ./srcclr.sh scan ./$folder"
- ./srcclr.sh scan ./$folder
- echo "Scan completed on ./$folder"
-done
-
-
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
deleted file mode 100644
index 442d2c03767..00000000000
--- a/.github/workflows/security-scan.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Security scan
-
-on:
- workflow_dispatch:
- schedule:
- - cron: '0 0 * * 0' # https://crontab.guru/every-week "At 00:00 on Sunday."
-
-permissions:
- contents: read
-
-jobs:
- build:
- environment: main
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
- - name: Scan
- uses: ./.github/actions/sourceclear
- env:
- SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }}
- SRCCLR_SCOPE: 'production'
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
deleted file mode 100644
index eb1a26be9a3..00000000000
--- a/.github/workflows/semgrep.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Name of this GitHub Actions workflow.
-name: Semgrep
-
-on:
- workflow_dispatch:
- pull_request:
- push:
- branches:
- - master
- paths:
- - .github/workflows/semgrep.yml
- schedule:
- - cron: '0 0 * * 0'
-
-jobs:
- semgrep:
- environment: pull_request_unsafe
- name: Scan
- runs-on: ubuntu-latest
-
- container:
- # A Docker image with Semgrep installed. Do not change this.
- image: returntocorp/semgrep
-
- # Skip any PR created by dependabot to avoid permission issues:
- if: (github.actor != 'dependabot[bot]')
-
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
- # Run the "semgrep ci" command on the command line of the docker image.
- - run: semgrep ci
- env:
- SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-