Ruleset customization with default configuration for Semgrep

What does this MR do?

Use the new API provided by the ruleset package to consume and extend the default SAST configuration, rather than replace it. The MR dependencies are illustrated below.

What are the relevant issue numbers?

  1. Implement passthrough filtering in the ruleset ... (gitlab-org/gitlab#569182 - closed) • Julian Thome • 18.5 • On track
  2. Allow SAST custom rules to be appended to rathe... (gitlab-org/gitlab#426406 - closed) • Julian Thome • 18.5 • On track

Test project

https://gitlab.com/julianthome/keepdefaultconfig

  1. main branch: a custom rule plus the standard rules, enabled with keepdefaultrules = true.
  2. Overrides only: configurations without keepdefaultrules = true and without passthroughs (only overrides) https://gitlab.com/julianthome/keepdefaultconfig/-/merge_requests/2+s and https://gitlab.com/julianthome/keepdefaultconfig/-/merge_requests/1+s. The resulting reports are identical (backwards compatible behaviour).
  3. A configuration with keepdefaultrules=false that includes overrides and passthroughs, which behaves the same as the standard Semgrep configuration https://gitlab.com/julianthome/keepdefaultconfig/-/merge_requests/4+s.
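The combination the first test configuration exercises (default rules kept, one custom rule appended through a passthrough, one override on a built-in rule), written out as an added example; this is not the MR's or the test project's own file. The placement of keepdefaultrules under [semgrep], the overridden rule identifier and the custom rule body are assumptions made for illustration.

```toml
# Added example (not from the MR): .gitlab/sast-ruleset.toml that keeps the
# default Semgrep SAST rules and appends one project-specific rule.
[semgrep]
  description = "Default SAST rules plus one project-specific rule"
  # Assumed placement: with keepdefaultrules = true the passthrough below is
  # appended to the default ruleset instead of replacing it.
  keepdefaultrules = true
  targetdir = "/sgrules"
  validate = true

  # Override only the severity of a built-in rule. Overrides behave the same
  # with or without keepdefaultrules (backwards compatible behaviour).
  [[semgrep.ruleset]]
    [semgrep.ruleset.identifier]
      type = "semgrep_id"
      value = "gosec.G101-1"   # example identifier, assumed
    [semgrep.ruleset.override]
      severity = "Critical"

  # Custom rule supplied inline; constructed for this example.
  [[semgrep.passthrough]]
    type = "raw"
    target = "custom-rules.yml"
    value = """
rules:
- id: example-subprocess-shell-true
  languages: [python]
  severity: WARNING
  message: "subprocess call with shell=True; pass an argument list instead"
  pattern: subprocess.call(..., shell=True)
"""
```

Setting keepdefaultrules = false (or omitting it) with this same file reproduces the pre-MR behaviour, where the passthrough replaces the default ruleset.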

Does this MR meet the acceptance criteria?

Edited by Julian Thome
