Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: SECOPS-2525 - add semgrep job #812

Merged
merged 1 commit into from
Jan 25, 2024
Merged

feat: SECOPS-2525 - add semgrep job #812

merged 1 commit into from
Jan 25, 2024

Conversation

svc-secops
Copy link
Contributor

Motivation / Implements

This PR adds or updates the necessary configuration to enable Semgrep to run on PRs on this repo. The Apollo Security team uses Semgrep to test our source for potential security vulnerabilities.

Once this is accepted and merged, the Security team plans to make a passing Semgrep check a requirement for PRs to merge into this repo. This will prevent net-new severe issues from being introduced. The job proposed by this PR runs in a diff-aware mode, so it will only run Semgrep on the files that have changed in a given PR.

In the event that a severe issue is detected on a PR, the CI job will add a comment to the PR associated with the detection to provide instructions on how to properly resolve the detection. The comment added to PRs will also include instructions on how to get further support if needed.

If maintainers reviewing this PR have questions, please reach out in the #security channel in Slack or contact Matt Peake directly at matt[.]peake@apollographql[.]com.

Existing Findings

Semgrep does not currently detect any severe issues in this repo.

Changed

  • Updated .circleci/config.yml to include appropriate configuration to enable Semgrep as a CI check. These changes were programmatically generated, so YAML formatting may have been modified to conform to the YAML spec.
  • Updated SecOps orb to latest version

@peakematt peakematt marked this pull request as ready for review January 10, 2024 17:58
@peakematt peakematt requested a review from a team as a code owner January 10, 2024 17:58
@phryneas phryneas merged commit f463d87 into main Jan 25, 2024
6 of 7 checks passed
@phryneas phryneas deleted the secops/202401/semgrep branch January 25, 2024 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants