Merge pull request #145 from pulibrary/repec-semgrep

Repec semgrep
pulibrary · Sep 24, 2024 · 8a2b976 · 8a2b976
2 parents f55a02b + 31e1158
commit 8a2b976
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -72,6 +72,14 @@ jobs:
       - checkout
       - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp
       - run: CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan .
+  semgrep:
+    docker:
+        - image: returntocorp/semgrep
+    steps:
+      - checkout
+      - run:
+          name: Check code against community-provided and custom semgrep rules
+          command: semgrep ci --config auto
 workflows:
   version: 2
   build_and_test:
@@ -90,3 +98,4 @@ workflows:
           requires:
             - build
       - bearer
+      - semgrep
diff --git a/.semgrepignore b/.semgrepignore
@@ -0,0 +1,18 @@
+# Common large paths
+node_modules/
+vendor/
+*.min.js
+spec/
+.github/
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Tickets to remediate these rules and remove from this list
+config/
+# https://github.com/pulibrary/repecwp/issues/143
+app/controllers/
+# https://github.com/pulibrary/repecwp/issues/144