pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Install Dependencies') {
            steps {
                sh 'npm install'  // or mvn install / pip install
            }
        }

        stage('SAST - Semgrep') {
            steps {
                sh 'semgrep scan --config auto --json > semgrep-report.json || true'
            }
            post {
                always {
                    archiveArtifacts artifacts: 'semgrep-report.json'
                }
            }
        }

        stage('Unit Tests') {
            steps {
                sh 'npm test || true'
            }
        }
    }

    post {
        always {
            echo "Dev pipeline finished"
        }
    }
}