Gap analysis for ESLint
Why are we doing this work
If we're going to replace ESLint with an equivalent offering powered by Semgrep, we need to map the rules to understand how they compare. The ESLint analyzer covers a fair number of client-side languages and frameworks for us, so we will need to evaluate the rules for each of the following:
- JavaScript
- TypeScript
- React.js
For each rule, we should work with the vulnerability research group to map them to CWE identifiers. This will enable us to do the same exercise for rules from the Semgrep community and understand where the gaps may be. We are particularly interested in rules which are available in ESLint yet not available in the relevant Semgrep rulepacks.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing: