Semgrep violations point to incorrect URL
Summary
The findings reported by the semgrep analyzer (via SAST scanning) contain URLs of the form https://semgrep.dev/r/gitlab.<tool>.<ruleId>. However, opening such a URL on semgrep.dev does not show any rule.
For example see this snippet from the JSON report:
[...]
    {
      "type": "semgrep_id",
      "name": "eslint.detect-non-literal-fs-filename",
      "value": "eslint.detect-non-literal-fs-filename",
      "url": "https://semgrep.dev/r/gitlab.eslint.detect-non-literal-fs-filename"
    },
[...]
This URL is shown in the vulnerability detail view.
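To see how widespread the problem is in a given pipeline, it helps to pull every semgrep_id identifier out of a SAST report and check whether each URL follows the `https://semgrep.dev/r/gitlab.<tool>.<ruleId>` pattern the analyzer emits and whether its path agrees with the identifier's `value`. The script below is an added example, not code from GitLab or the semgrep analyzer; the report it parses is a constructed, trimmed gl-sast-report.json (only the `vulnerabilities[].identifiers[]` fields used here), and the status labels are my own.

```python
import json

# Constructed sample of a GitLab SAST report, trimmed to the fields used here.
# The field layout follows the report JSON; all values are made up for this example.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": [
        {"id": "constructed-1", "identifiers": [
            {"type": "semgrep_id",
             "name": "eslint.detect-non-literal-fs-filename",
             "value": "eslint.detect-non-literal-fs-filename",
             "url": "https://semgrep.dev/r/gitlab.eslint.detect-non-literal-fs-filename"},
            {"type": "cwe", "name": "CWE-22", "value": "22",
             "url": "https://cwe.mitre.org/data/definitions/22.html"},
        ]},
        {"id": "constructed-2", "identifiers": [
            {"type": "semgrep_id", "name": "bandit.B301", "value": "bandit.B301",
             "url": "https://semgrep.dev/r/gitlab.bandit.B301"},
        ]},
        {"id": "constructed-3", "identifiers": [        # URL path does not match value
            {"type": "semgrep_id", "name": "find_sec_bugs.SQLI", "value": "find_sec_bugs.SQLI",
             "url": "https://semgrep.dev/r/gitlab.find_sec_bugs.SQL_INJECTION"},
        ]},
        {"id": "constructed-4", "identifiers": [        # not a registry URL at all
            {"type": "semgrep_id", "name": "bandit.B102", "value": "bandit.B102",
             "url": "https://example.invalid/rules/bandit.B102"},
        ]},
    ]
})

REGISTRY_PREFIX = "https://semgrep.dev/r/"
EXPECTED_NAMESPACE = "gitlab"   # the prefix the analyzer currently emits


def parse_rule_url(url):
    """Split a registry URL into (namespace, "tool.ruleId").

    Returns None when the URL is not under the registry prefix or has no
    namespace segment in front of the rule path.
    """
    if not url.startswith(REGISTRY_PREFIX):
        return None
    parts = url[len(REGISTRY_PREFIX):].split(".", 1)
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return None
    return parts[0], parts[1]


def semgrep_identifiers(report_json):
    """Yield (vulnerability id, identifier dict) for every semgrep_id identifier."""
    report = json.loads(report_json)
    for vuln in report.get("vulnerabilities", []):
        for ident in vuln.get("identifiers", []):
            if ident.get("type") == "semgrep_id":
                yield vuln.get("id"), ident


def audit_rule_urls(report_json):
    """Return one dict per semgrep_id identifier describing how its URL relates to its value.

    status: "consistent"     URL is gitlab.<value>, i.e. the format the bug report describes
            "value-mismatch" registry URL whose rule path differs from the identifier value
            "unparseable"    URL is not a semgrep registry URL in the expected shape
    """
    results = []
    for vuln_id, ident in semgrep_identifiers(report_json):
        entry = {"vulnerability": vuln_id, "value": ident.get("value"), "url": ident.get("url", "")}
        parsed = parse_rule_url(entry["url"])
        if parsed is None:
            entry["status"] = "unparseable"
        else:
            namespace, rule_path = parsed
            tool, _, rule_id = rule_path.partition(".")
            entry.update(namespace=namespace, tool=tool, rule_id=rule_id)
            if namespace == EXPECTED_NAMESPACE and rule_path == ident.get("value"):
                entry["status"] = "consistent"
            else:
                entry["status"] = "value-mismatch"
        results.append(entry)
    return results


def urls_by_tool(report_json):
    """Group the distinct registry URLs per tool, so each can be checked once by hand."""
    grouped = {}
    for entry in audit_rule_urls(report_json):
        if "tool" in entry:
            grouped.setdefault(entry["tool"], set()).add(entry["url"])
    return {tool: sorted(urls) for tool, urls in grouped.items()}


if __name__ == "__main__":
    for entry in audit_rule_urls(SAMPLE_REPORT):
        print(f'{entry["status"]:15} {entry["vulnerability"]:15} {entry["url"]}')
    for tool, urls in urls_by_tool(SAMPLE_REPORT).items():
        print(tool, len(urls), "distinct URL(s)")
```

Run it against a real report with `audit_rule_urls(open("gl-sast-report.json").read())`; the `urls_by_tool` output gives the short list of distinct links to verify in a browser, which is usually far smaller than the number of findings.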
Steps to reproduce
Either run SAST on a project or try to click the links in the semgrep code base (tests).
Example Project
n/a
What is the current bug behavior?
The vulnerability view shows a URL that is supposed to give details about the finding, but the rule cannot be found at that URL.
What is the expected correct behavior?
The rule should be shown on the semgrep site.
Relevant logs and/or screenshots
n/a
Output of checks
This bug happens on GitLab.com
Possible fixes
n/a