Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add semgrep to CI/CD pipeline #1245

Closed
samayer12 opened this issue Oct 9, 2024 · 1 comment
Closed

Add semgrep to CI/CD pipeline #1245

samayer12 opened this issue Oct 9, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@samayer12
Copy link
Collaborator

samayer12 commented Oct 9, 2024
edited
Loading

Is your feature request related to a problem? Please describe.

Analyze code changes to pepr with semgrep.

Describe the solution you'd like

  • Given a PR is created
  • When a github actions workflow runs
  • Then semgrep analyzes the code changes with the default rule set

Describe alternatives you've considered

Similar tools are CodeQL (already in the pipeline) and SonarQube (see #1246).

Additional context

Check out #bof-cyber on Slack and reference this thread. Related to #1198.
@samayer12 samayer12 added the enhancement New feature or request label Oct 9, 2024
This was referenced Oct 9, 2024
Closed
Merged
@cmwylie19
Copy link
Collaborator

These do not provide additional benefit on top of our current lint settings. It is currently not worth the engineering effort.

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Pepr Project Board Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Pepr Project Board
Status: ✅ Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cmwylie19 @samayer12