Bump Sast Rules version in Semgrep

SAST Rules Release 2.8.4

Actions for group::vulnerability research team member

  1. Create this issue and replace X.Y.Z with the actual version number of the sast-rules release to be published.

Note: If the rules release includes support for a new file type, the engineer(s) on reaction rotation will refine and schedule the issue for an upcoming milestone.

Actions for group::static analysis team member

Release the new Semgrep SAST ruleset version X.Y.Z by going through the sequence of steps below:

  1. If support for a new file type is required, refine and schedule the issue for an upcoming milestone.
  2. Set SAST_RULES_VERSION=X.Y.Z in Dockerfile and Dockerfile.fips.
  3. Add a Changelog entry.
    - Update sast-rules version X.Y.Z.
      - List all rule changes since the last release here.
  4. If support for a new file type is required:
    1. Add new extension to https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/main/plugin/plugin.go.
    2. Update SAST components template to add support for new file type.
    3. Update the SAST templates SAST.latest.gitlab-ci.yml and SAST.gitlab-ci.yml to support the new file types.
    4. Update the SAST documentation.
Edited by Jason Leasure