From 75f0d967f7a52fd2443878a3f251fec18a7fb2c3 Mon Sep 17 00:00:00 2001
From: rladdusaw
Date: Fri, 20 Sep 2024 16:43:56 -0400
Subject: [PATCH] semgrep config and ignore list (#4376)
* semgrep config and ignore list
* Not using semgrep.yml
* Added issues
---------
Co-authored-by: Ryan Laddusaw
---
 .circleci/config.yml | 10 ++++++++++
 .semgrepignore | 31 +++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 .semgrepignore
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3be0e5af5..b5cc0ce12 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -197,6 +197,15 @@ jobs:
 name: Check code smells with Reek
 command: bundle exec reek app
 
+ semgrep:
+ docker:
+ - image: returntocorp/semgrep
+ steps:
+ - checkout
+ - run:
+ name: Check code against community-provided and custom semgrep rules
+ command: semgrep ci --config auto
+
 finish:
 executor: basic-executor
 steps:
@@ -228,6 +237,7 @@ workflows:
 - build
 - reek
 - bearer
+ - semgrep
 - js_tests:
 requires:
 - build
diff --git a/.semgrepignore b/.semgrepignore
new file mode 100644
index 000000000..e18110d12
--- /dev/null
+++ b/.semgrepignore
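Review bot: The new `semgrep` job pins neither its tooling nor its rules: `- image: returntocorp/semgrep` carries no tag or digest, and `semgrep ci --config auto` pulls whatever rules the registry serves at run time, so the same commit can pass one day and fail the next, and any change to the upstream image or ruleset lands in CI unreviewed. I would pin the image, e.g. `- image: returntocorp/semgrep:<PINNED_VERSION>@sha256:<DIGEST>` (placeholder values), and prefer a pinned ruleset or a vendored rules file over `auto`. The step name advertises "custom semgrep rules", but with an explicit `--config auto` it is not clear from this hunk that a local `.semgrep` rules folder is loaded at all; confirm that, or reword the name. `semgrep ci` behaves differently with and without a `SEMGREP_APP_TOKEN` (as far as I recall it degrades to a plain local scan without one), so a one-line comment stating which mode is intended would help the next maintainer. The enclosing `jobs:` map continues outside the hunk.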
@@ -0,0 +1,31 @@
+# Common large paths
+node_modules/
+vendor/
+*.min.js
+spec/
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Tickets to remediate these rules and remove from this list
+lib/orangelight/
+# https://github.com/pulibrary/orangelight/issues/4377
+config/
+# https://github.com/pulibrary/orangelight/issues/4378
+app/views/
+# https://github.com/pulibrary/orangelight/issues/4379
+app/services/
+# https://github.com/pulibrary/orangelight/issues/4380
+app/processors/orangelight/
+# https://github.com/pulibrary/orangelight/issues/4381
+app/models/requests/
+# https://github.com/pulibrary/orangelight/issues/4382
+app/helpers/
+# https://github.com/pulibrary/orangelight/issues/4383
+app/controllers/
+# https://github.com/pulibrary/orangelight/issues/4384
+app/components/
+# https://github.com/pulibrary/orangelight/issues/4385
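Review bot: Each ticket link in the remediation list sits after the path it explains (`lib/orangelight/` is followed by `# https://github.com/pulibrary/orangelight/issues/4377`, through `app/components/` followed by `# https://github.com/pulibrary/orangelight/issues/4385`), while the heading `# Tickets to remediate these rules and remove from this list` sits before its entries; the usual convention is comment-above-entry, so a reader will tend to attribute each issue to the path below it. I would move each issue link onto the line above its path. Separately, the excludes cover `config/` and most of `app/` (views, services, processors, models/requests, helpers, controllers, components), so until those tickets close the scan covers little application code, and because they are path-wide any new code added under those paths is unscanned too. That is worth saying in the heading, e.g. `# Temporary path-wide excludes: new code under these paths is NOT scanned until the linked ticket is closed`, and where only a few rules fire a rule-level exclusion would keep the rest of the ruleset active on those directories.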