Add additional PHP Semgrep community rules to GitLab-managed ruleset
Proposal
As discussed here, we've only added 9 PHP rules to semgrep; however, there are 60 community PHP rules in the Semgrep registry (33 additional rules are Pro-only).
The purpose of this issue is to add the remaining PHP rules that have good efficacy to the GitLab-managed ruleset for PHP scanning, which is distributed in the Semgrep-based analyzer.
Note: even though there are 60 community PHP rules, 9 of these have already been added as part of Migrate phpcs-security-audit coverage to Semgre... (#364060 - closed) • Adam Cohen • 16.10, so there are only 51 potential rules we can add.
Edited by Adam Cohen