Downgrade semgrep to address performance concerns in Java projects
What does this MR do?
Customers have reported performance issues when running semgrep against Java projects.
Testing locally, running semgrep v1.41.0 against https://github.com/gradle/gradle/tree/master/subprojects/language-native/src/main/java/org/gradle took 13 seconds. Running v1.42.0 and all subsequent versions against https://github.com/gradle/gradle/tree/master/subprojects/language-native/src/main/java/org/gradle took over 1 minute.
This MR downgrades semgrep to v1.41.0 until we can investigate the issue further.
What are the relevant issue numbers?
- https://gitlab.com/gitlab-com/sec-sub-department/section-sec-request-for-help/-/issues/121
- gitlab-org/gitlab#428253 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests updated/added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Craig Smith