Refactor semgrep-appsec-custom-rules to not fetch

What does this MR do and why?

  • Refactor semgrep-appsec-custom-rules to not git fetch origin master. This fetch appears to be unnecessary.
  • Update semgrep version from 1.99.0 to 1.123.0

This fixes issues that we see where jobs have an inflated runtime (1m vs ~11m). This fixes issues that we see where jobs fail for unrelated reasons. (Example failed job)

Actions post-merge

  • Backport to 18.0
  • Backport to 17.11
  • Backport to 17.10
  • Backport to 17.9

References

gitlab-com/gl-infra/delivery#21126 (closed)

Screenshots or screen recordings

Was able to verify this works in https://gitlab.com/gitlab-org/gitlab/-/jobs/10193877147#L107

That job scanned 2 Ruby files that were changed in the MR.

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dan Davison
