Pass SAST_EXCLUDED_PATHS as semgrep exclude flags
What does this MR do?
Parse the SAST_EXCLUDED_PATHS env var and pass --exclude arguments to semgrep to stop semgrep from looking at those paths. This will likely have a large performance improvement.
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
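An added example, not this MR's own code: one way to turn a SAST_EXCLUDED_PATHS value into repeated --exclude arguments in Go. It assumes the variable is a comma-separated list and that patterns are handed to semgrep unchanged; the function name excludeArgs and the sample value are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// excludeArgs converts a comma-separated SAST_EXCLUDED_PATHS value into
// "--exclude <pattern>" argument pairs for the semgrep command line.
// Assumption: patterns are passed through as-is; nothing here translates
// between the two tools' glob dialects.
func excludeArgs(raw string) []string {
	var args []string
	seen := make(map[string]bool)
	for _, p := range strings.Split(raw, ",") {
		// Values are often written with a space after each comma.
		p = strings.TrimSpace(p)
		// Skip empty entries (trailing or doubled commas) and duplicates.
		if p == "" || seen[p] {
			continue
		}
		seen[p] = true
		// Each pattern is its own argv element, so no shell quoting is involved.
		args = append(args, "--exclude", p)
	}
	return args
}

func main() {
	raw, ok := os.LookupEnv("SAST_EXCLUDED_PATHS")
	if !ok {
		raw = "spec, test, tests, tmp" // constructed sample value
	}
	fmt.Println(excludeArgs(raw))
}
```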
Activity
changed milestone to %14.0
assigned to @dsearles
added 1 commit
- 6f2269c9 - Pass SAST_EXCLUDED_PATHS as semgrep exclude flags
@zrice @theoretick @underyx would you all please review this?
Please note that it doesn't attempt to solve for any differences between supported glob patterns between the pattern matching details of Semgrep --exclude and SAST_EXCLUDED_PATHS as @zrice brought up as a possible problem in !38 (comment 582115633)
requested review from @zrice, @theoretick, and @underyx
mentioned in merge request !38 (closed)
- Resolved by Zach Rice
added 1 commit
- 1f796a83 - Pass SAST_EXCLUDED_PATHS as semgrep exclude flags
- Resolved by Zach Rice
added 1 commit
- 48ce4dfa - Pass SAST_EXCLUDED_PATHS as semgrep exclude flags
marked the checklist item Conforms to the code review guidelines as completed
marked the checklist item Conforms to the Go guidelines as completed
mentioned in commit fbf9c96d
v2.5.0
released with https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/releases/v2.5.0
mentioned in issue gitlab-com/www-gitlab-com#11724 (closed)