Fix exclusion patterns being matched against the absolute path of $CI_PROJECT_DIR
What does this MR do?
Providing the path to $CI_PROJECT_DIR as the final argument to Semgrep causes it to match exclusion patterns against the value of the argument (almost certainly the absolute path to where the repository is mounted in the analyzer's Docker container).
This causes several issues documented here: gitlab-org/gitlab#223283 (comment 995017201)
We don't need to explicitly provide the project path as we already set the working directory of the command to the path. This change invokes Semgrep from and relative to the project path.
What are the relevant issue numbers?
- gitlab-org/gitlab#332187 (closed) (the original issue that prompted me down this rabbit hole)
- gitlab-org/gitlab#223283 (I've added some commentary here explaining the issue in depth)
Does this MR meet the acceptance criteria?
- [-] Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles
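The effect described in this MR can be reproduced with a small model, added here as an example that is not part of the MR or the analyzer's code. It assumes a simplified matcher (a file is skipped when any path segment matches an exclusion glob), which is not Semgrep's actual implementation; the project directory, file names and the `excluded`/`scanned` helpers are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// excluded is a simplified model of exclusion matching (an assumption, not
// Semgrep's real matcher): a file is skipped when any segment of the path
// handed to the matcher matches one of the glob patterns.
func excluded(p string, patterns []string) bool {
	for _, seg := range strings.Split(strings.Trim(p, "/"), "/") {
		for _, pat := range patterns {
			if ok, _ := path.Match(pat, seg); ok {
				return true
			}
		}
	}
	return false
}

// scanned returns the files that survive exclusion when the scan target is
// `target`: the absolute project directory, or "." when the scanner is
// started with its working directory set to the project.
func scanned(target string, files, patterns []string) []string {
	var kept []string
	for _, f := range files {
		if !excluded(path.Join(target, f), patterns) {
			kept = append(kept, f)
		}
	}
	return kept
}

func main() {
	// Constructed sample data: a project mounted under a directory whose
	// name collides with a directory the user wants to exclude.
	projectDir := "/builds/group/project" // hypothetical $CI_PROJECT_DIR
	files := []string{"app/main.py", "builds/out.py", "lib/util.py"}
	patterns := []string{"builds"}

	// Absolute target: the mount point itself matches, so nothing is scanned.
	fmt.Println("absolute target:", scanned(projectDir, files, patterns))
	// Relative target: only the repository's own builds/ directory is skipped.
	fmt.Println("relative target:", scanned(".", files, patterns))
}
```

A scan that silently skips every file still produces an empty, passing report, so comparing the scanned-file count between the two invocations is a useful check when validating exclusion settings.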