BAP doesn't run for semgrep or secrets when MR is created by SASTBot
Problem to solve
BAP runs on MR pipelines for semgrep and secrets to protect against regressions when updating analyzer dependencies.
Both semgrep and secrets are periodically updated through SASTBot, which creates an MR on a fork that upgrades dependencies, including the wrapper analyzer. This MR does not run BAP. This is dangerous because updates through SASTBot could cause a reduction in finding quality, and without BAP, issues are more likely to go undetected and be released to production.
This is likely a permissions issue, but it needs to be investigated.
Edited by Craig Smith