- c
- c++
- go
- html
- javascript
- json
- php
- python
- ruby
- yaml"
var | purpose | type | default |
---|---|---|---|
SCA_BLACKLIST_semgrep | Blacklist filter for this tool | space-separated-list | "" |
SCA_SEMGREP_EXTRA_FATAL | Extra error-IDs leading to build termination when found | space-separated-list | "": |
SCA_SEMGREP_EXTRA_SUPPRESS | Extra error-IDs to be suppressed | space-separated-list | "" |
SCA_SEMGREP_RULESETS | Rule directories to use | comma separated regex list | see sca-semgrep.bbclass |
SCA_SEMGREP_USER_RULES_RECIPES | Additional recipes providing user rules | comma separated regex list | "" |
You can add your own rules to semgrep. For the format description please see the rule documentation. Also check out the interactive playyground.
Resulting yml
-files or complete folder have to be installed from native
recipe into the sysroot.
Just add the recipe name to SCA_SEMGREP_USER_RULES_RECIPES
and add the path in the sysroot where to find file/files/folder to SCA_SEMGREP_RULESETS
(e.g. SCA_SEMGREP_RULESETS_append = "${STAGING_DATADIR_NATIVE}/my-personal-semgrep/rules
)
- suppression of IDs
- terminate build on fatal
- run on recipe
- run on image
- run with SCA-layer default settings (see SCA_AVAILABLE_MODULES)
- requires online access
tbd
- security
- functional defects
- compliance
- style issues
- ⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜ 02/10 Build Speed
- ⬛⬛⬛⬛⬛⬛⬛⬜⬜⬜ 07/10 Execution Speed
- ⬛⬛⬛⬛⬛⬛⬛⬛⬜⬜ 08/10 Quality
- n.a.
- semgrep.semgrep.*
- n.a.
- n.a.