Replace gosec-sast with semgrep-sast job (!149) · Merge requests · GitLab.org / release-cli · GitLab

Alishan Ladhani requested to merge ali/replace-gosec-with-semgrep into master Oct 03, 2022

What does this MR do and why?

The gosec-sast job has been removed from the SAST CI template in favour of semgrep-sast and is currently failing (e.g https://gitlab.com/gitlab-org/release-cli/-/jobs/3120669435). See gitlab#352554 (closed) for details.

Note that we still run gosec through golangci-lint: https://gitlab.com/gitlab-org/release-cli/-/blob/master/.golangci.yml#L160

Checklist

[-] I added tests
Green pipeline
Assign to reviewer

Edited Oct 03, 2022 by Alishan Ladhani