File tree Expand file tree Collapse file tree 2 files changed +16
-90
lines changed
scanners/boostsecurityio/semgrep Expand file tree Collapse file tree 2 files changed +16
-90
lines changed Original file line number Diff line number Diff line change @@ -12,22 +12,29 @@ config:
1212 - .semgrep/*
1313
1414setup :
15- - name : Utility scripts
15+ - name : Validate rules
16+ environment :
17+ SEMGREP_RULES : ${SEMGREP_RULES:-https://assets.build.boostsecurity.io/semgrep-rules/stable/all-sast-rules.yml}
1618 run : |
17- mkdir -p $SETUP_PATH/pre-scan-checks/
18- cp $SETUP_PATH/../../registry/scanners/boostsecurityio/semgrep/prescan_checks.sh $SETUP_PATH/pre-scan-checks/semgrep
19+ echo "SEMGREP_RULES set to: '$SEMGREP_RULES'"
20+ for rule in $SEMGREP_RULES; do
21+ case "$rule" in
22+ .semgrep/*|http://*|https://*)
23+ # valid rule token; do nothing
24+ ;;
25+ *)
26+ echo "Semgrep Community Rules cannot be used. Provide a URL or relative path to rules file or leave blank for Boost curated rules."
27+ exit 1
28+ ;;
29+ esac
30+ done
1931
2032steps :
21- - run : |
22- $SETUP_PATH/pre-scan-checks/semgrep
23- environment:
24- SEMGREP_RULES: ${SEMGREP_RULES:-boost/sast/rules/semgrep@stable}
2533 - scan :
2634 command :
2735 docker :
2836 image : returntocorp/semgrep:1.114.0@sha256:0cd75960cfec2215ff734a4f6379bbbb6edb82de0c24593dd0a70ec65e9860a9
29- command : |
30- semgrep scan --config ./.semgrep --oss-only --sarif --quiet --disable-version-check --metrics=off .
37+ command : semgrep scan --oss-only --sarif --quiet --disable-version-check --metrics=off .
3138 workdir : /src
3239 environment :
3340 XDG_CONFIG_HOME : /tmp
Load Diff This file was deleted.
You can’t perform that action at this time.
0 commit comments