Use SAST-rules repo as single source of truth for Semgrep-based analyzer rules
Description
This is the second step in a two-step process to reduce the Semgrep rules to a single source of truth: the rule sets that currently live in the Semgrep analyzer repository are transferred to the SAST-rules repository, which then becomes the only place they are maintained.
Tasks
Transfer each rule set:

- ESLint - gitlab-org/security-products/analyzers/semgrep!244 (merged)
- flawfinder - gitlab-org/security-products/analyzers/semgrep!249 (merged)
- gosec - gitlab-org/security-products/analyzers/semgrep!263 (merged)
- security_code_scan - gitlab-org/security-products/analyzers/semgrep!269 (merged)
- find_sec_bugs - gitlab-org/security-products/analyzers/semgrep!269 (merged)
- bandit - gitlab-org/security-products/analyzers/semgrep!272 (merged)
- find_sec_bugs_scala

Optional Tasks:

- Add a schema and a check to ensure the mapping files are formatted as expected. #390908 (comment 1400970355). Replaced by #415421 (closed)
- Refactor and test the deploy script. Replaced by #415422 (closed)
- Reduce complexity of the deploy script by adding ID and primary ID to the mapping files:
  - bandit
  - eslint - gitlab-org/security-products/sast-rules!170 (merged)
  - gosec - gitlab-org/security-products/sast-rules!170 (merged)
  - flawfinder - gitlab-org/security-products/sast-rules!171 (merged)
  - security_code_scan - gitlab-org/security-products/sast-rules!172 (merged)
  - find_sec_bugs - gitlab-org/security-products/sast-rules!173 (merged)
  - find_sec_bugs_scala - gitlab-org/security-products/sast-rules!174 (merged)
Edited by Craig Smith