Draft: Replace local bandit.yml with sast-rules bandit.yml
What does this MR do?
The bandit rules are defined both in semgrep and sast-rules. The most up to date version of these rules is that defined in sast-rules. This MR removes the need to manually update the rules in semgrep with those in sast-rules by copying them from a defined tag when the project is built.
Making this change will result in a number of changes to the bandit ruleset.
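The build-time copy described above, as an added example that is not code from this MR or from the semgrep analyzer or sast-rules projects: a POSIX shell function that takes a file from a pinned tag of a local sast-rules checkout and refuses to proceed when the tag does not exist, so a branch name can never silently float the ruleset. The function names, the `bandit.yml` location inside sast-rules, and the `.source` provenance file are assumptions; the sample repository built by `make_sample_repo` is constructed for the demonstration.

```shell
#!/bin/sh
# sync_rules_from_tag REPO TAG SRC_PATH DEST
# Copies SRC_PATH exactly as committed at tag TAG in the sast-rules clone at REPO
# into DEST. Hypothetical helper, not from the analyzer's build scripts.
sync_rules_from_tag() {
  repo="$1"; tag="$2"; src_path="$3"; dest="$4"
  # Only accept a real tag (annotated or lightweight), never a branch or bare
  # commit id, so the build cannot drift to unreleased rules.
  if ! git -C "$repo" rev-parse -q --verify "refs/tags/$tag" >/dev/null; then
    echo "sync_rules_from_tag: tag '$tag' not found in $repo" >&2
    return 1
  fi
  # git show <rev>:<path> reads the blob at that tag, independent of the
  # working tree, so a dirty checkout cannot leak local edits into the build.
  if ! git -C "$repo" show "$tag:$src_path" > "$dest.tmp" 2>/dev/null; then
    rm -f "$dest.tmp"
    echo "sync_rules_from_tag: $src_path not present at $tag" >&2
    return 1
  fi
  mv "$dest.tmp" "$dest"
  # Record the resolved commit beside the copy so reviewers can see exactly
  # which sast-rules revision produced it (assumed convention).
  git -C "$repo" rev-parse "$tag^{commit}" > "$dest.source"
}

# make_sample_repo DIR
# Builds a constructed stand-in for sast-rules: one tagged release of
# bandit.yml followed by an unreleased edit on the default branch.
make_sample_repo() {
  dir="$1"
  rm -rf "$dir"
  git init -q "$dir" || return 1
  printf 'rules:\n- id: bandit.B105\n  message: hardcoded password string\n' > "$dir/bandit.yml"
  git -C "$dir" add bandit.yml
  git -C "$dir" -c user.name=demo -c user.email=demo@example.com commit -q -m "v1 rules"
  git -C "$dir" tag v1.0.0
  printf 'rules:\n- id: bandit.B105\n  message: hardcoded password string (unreleased)\n' > "$dir/bandit.yml"
  git -C "$dir" -c user.name=demo -c user.email=demo@example.com commit -q -am "unreleased edit"
}

# Stand-alone demo: `sh sync_rules.sh demo` builds the sample repo and copies
# the tagged rules; the unreleased edit must not appear in the result.
if [ "${1:-}" = "demo" ]; then
  work=$(mktemp -d)
  make_sample_repo "$work/sast-rules"
  sync_rules_from_tag "$work/sast-rules" v1.0.0 bandit.yml "$work/bandit.yml"
  cat "$work/bandit.yml"
  echo "source commit: $(cat "$work/bandit.yml.source")"
  rm -rf "$work"
fi
```

In a real pipeline the tag would come from a single pinned variable in the CI configuration, and bumping it is the reviewed change that brings in renamed or updated rules such as the ones listed in this MR.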
- 6 rules have been renamed: !219 (comment 1325146880)
- 3 rules have been updated, !219 (comment 1332353102):
- bandit.B105 gitlab-org/gitlab#390908 (comment 1312468413)
- bandit.B310-2 gitlab-org/gitlab#390908 (comment 1312569499)
- bandit.B606 gitlab-org/gitlab#390908 (comment 1312575120)
What are the relevant issue numbers?
gitlab-org/gitlab#390908 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Craig Smith