Document handling expected BAP failures
Problem to solve
The BAP CI jobs are the SAST team's last line of defense to avoid releasing unintended rule changes. However, some changes, such as removing a high-FP rule, will result in the BAP job failing on the change MR.
The process of how to deal with these expected failures is clunky and undocumented.
Related links
Proposed Solution
- Document how to dismiss BAP failures in the semgrep README.
- Update the BAP verify script to output how to dismiss an expected failure.
/cc @julianthome @idawson
Edited by Craig Smith