Migrate C/C++ rules from Flawfinder to Semgrep
Purpose
In %17.0 we hope to remove flawfinder from the list of supported analyzers and move C and C++ scanning to semgrep.
C rules have already been converted from flawfinder in gitlab-org/security-products/sast-rules!29 (merged) but this conversion only supports C.
The purpose of this issue is to find out if the C rules in sast-rules can be updated to also run on C++, and if that change is sufficient to provide a satisfactory level of coverage to remove flawfinder.
If that change isn't enough, we should define what is needed to deprecate flawfinder.
/cc @idawson
Edited by Craig Smith