Distill sast-ide branch down to include the bare minimum code required for the sast service.
MR: https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/merge_requests/472

We already isolated the SAST service code in the three modules below:

- server
- middleware
- auth

The entrypoint for the Semgrep SAST service is `serve.go`, which is (for the most part) decoupled from the rest of the implementation. By removing only unused code, i.e., code on which `serve.go` does not depend, we should already be able to eliminate a significant amount of code from the repository.

Like any other analyzer, the semgrep analyzer is geared towards the generation of a `gl-sast-report.json`. The semgrep server, however, is not an analyzer: the generated report can be much more minimal than a `gl-sast-report.json`, which saves bandwidth and improves maintainability. In addition, there is important information we do not put into the `gl-sast-report.json`, such as column information for findings. Instead of the semgrep analyzer, we need nothing more than access to the Semgrep CLI, translating the SARIF produced by Semgrep into a reduced JSON format that only includes the information [needed for our purposes](https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/blob/ba2ba777f50f4606c4b79ce076858f9c5fce243a/src/desktop/commands/security_scans.ts#L88). Therefore, the next iteration of the semgrep service does not have to rely on all the libraries we ship for our default analyzers (common, report, command, ...).
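
The SARIF-to-reduced-JSON translation described above, as an added Go example that is not code from the semgrep analyzer project and uses only the standard library. The names `Reduce`, `Finding` and `Region`, the reduced field set and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"os"
)

// Region is the line/column span of a finding, as in SARIF's "region" object.
type Region struct{ StartLine, StartColumn, EndLine, EndColumn int }
// Finding is the reduced record; its field set is an assumption of this example.
type Finding struct {
	RuleID, Severity, Message, File string
	Region
}
// sarifResult is the SARIF 2.1.0 subset read here (JSON keys match case-insensitively).
type sarifResult struct {
	RuleID, Level string
	Message       struct{ Text string }
	Locations     []struct {
		PhysicalLocation struct {
			ArtifactLocation struct{ URI string }
			Region           Region
		}
	}
}

// Reduce flattens SARIF into one Finding per reported location.
func Reduce(sarif []byte) ([]Finding, error) {
	var doc struct{ Runs []struct{ Results []sarifResult } }
	if err := json.Unmarshal(sarif, &doc); err != nil {
		return nil, err
	}
	findings := []Finding{} // non-nil so an empty scan encodes as [] and not null
	for _, run := range doc.Runs {
		for _, r := range run.Results {
			for _, l := range r.Locations { // results without a location are dropped
				p := l.PhysicalLocation
				findings = append(findings, Finding{r.RuleID, r.Level, r.Message.Text, p.ArtifactLocation.URI, p.Region})
			}
		}
	}
	return findings, nil
}

func main() { // runs Reduce on a constructed sample, not real Semgrep output
	const sample = `{"runs":[{"results":[{"ruleId":"example.rule","level":"error","message":{"text":"constructed"},
"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go"},"region":{"startLine":12,"startColumn":5,"endLine":12,"endColumn":31}}}]}]}]}`
	findings, _ := Reduce([]byte(sample))
	json.NewEncoder(os.Stdout).Encode(findings)
}
```
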
Copy/update the necessary code directly in the `sast-ide` branch of the [semgrep analyzer project](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/tree/sast-ide?ref_type=heads)

* [x] go source
  * [x] only what's necessary to support the `Serve` command and tests
* [x] [`Dockerfile.service`](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/sast-ide/Dockerfile.service?ref_type=heads)
  * [x] rename to `Dockerfile` and inline dependency on semgrep analyzer
* [x] pipeline
  * [x] remove unused jobs, update registry references, and service image name
* [x] `doc/api.md` (included into `README.md`)
* [x] `README.md` - needs a rewrite
* [x] Use a Dockerfile variable to determine which sast-rules release should be shipped