fix: do not include .gitignore in semgrepignore
What does this MR do?
This MR fixes an issue where some .gitignore files prevent all SAST scanning via Semgrep.
In the case that .gitignore excludes lots of (or all) files and then selectively re-includes them, semgrep will not recognize the includes.
The following .gitignore file will result in no .go files being scanned by semgrep, but is a valid .gitignore:
```
# Ignore everything
*
# But not these files...
!/.go
```
Including .gitignore does not really make sense in our case anyway. We are scanning in the pipeline, so everything in the directory is in git anyway. This include is more to prevent local files from being SAST scanned if they are not going to be committed.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by SimonGurney
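The coverage gap described in this MR can be checked for in a pipeline. The following is an added example, not code from this project or from Semgrep: it models an ignore matcher that skips `!` re-include lines (an assumption standing in for the behaviour the description reports) and lists the files that git semantics keep but such a matcher drops. The sample `.gitignore`, the file list and the `!*.go` pattern are constructed, and matching is simplified to `fnmatch` on top-level files with no directory rules.

```python
import fnmatch
import posixpath

# Constructed sample: exclude everything, then re-include Go sources.
SAMPLE_GITIGNORE = """\
# Ignore everything
*
# But not Go sources (constructed re-include pattern)
!*.go
"""
SAMPLE_FILES = ["main.go", "handler.go", "notes.txt"]  # constructed, top level only


def parse_rules(text):
    """Return (pattern, negated) pairs, skipping blank lines and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        pattern = line[1:] if negated else line
        if pattern.startswith("\\"):  # "\!" or "\#" escapes a literal first character
            pattern = pattern[1:]
        rules.append((pattern, negated))
    return rules


def matches(path, pattern):
    """Simplified matching: patterns with '/' match the full path, others the basename."""
    if "/" in pattern:
        return fnmatch.fnmatchcase(path, pattern.lstrip("/"))
    return fnmatch.fnmatchcase(posixpath.basename(path), pattern)


def is_ignored(path, rules, honor_negation):
    """Last matching rule wins; optionally skip '!' rules (the assumed faulty model)."""
    ignored = False
    for pattern, negated in rules:
        if negated and not honor_negation:
            continue
        if matches(path, pattern):
            ignored = not negated
    return ignored


def scan_gap(paths, ignore_text):
    """Files kept under git semantics but dropped when re-includes are not honored."""
    rules = parse_rules(ignore_text)
    return [p for p in paths
            if not is_ignored(p, rules, True) and is_ignored(p, rules, False)]
```

A non-empty result from `scan_gap` means source files that are tracked in git would be silently left out of the scan, which is worth failing the job on.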