Create Semgrep Action by NicholasEllul · Pull Request #1 · MetaMask/semgrep-action

NicholasEllul · 2025-01-17T16:04:17Z

Summary

This pull request creates a Semgrep plug-in for the MetaMask Security Code Scanner allowing us to leverage semgrep in our scans.

Testing this action

Clone the https://github.com/metamask/appsec-Playground/ repository. It currently uses MetaMask/Security-Code-Scanner@ellul/add-semgrep which is a branch of the code scanner configured to use this pull requests code.
Open a pull request in Appsec-Playground
See that the scan runs semgrep successfully
I've already created an example pull request you can review here) which also showcases how test directories are ignored.

Use custom Semgrep Rules

Run tests and rule validation in CI

NicholasEllul force-pushed the ellul/init branch from 25b4df2 to 09250ec Compare January 17, 2025 16:08

NicholasEllul marked this pull request as draft January 17, 2025 16:15

NicholasEllul force-pushed the ellul/init branch from 5b32f11 to 38f3336 Compare January 17, 2025 17:17

NicholasEllul added 2 commits January 17, 2025 12:18

Add Semgrep Action

ade8c23

Update README

30f0add

NicholasEllul force-pushed the ellul/init branch from 38f3336 to 30f0add Compare January 17, 2025 17:19

NicholasEllul added 2 commits January 17, 2025 12:19

Add custom rule for actions/cache usage

be89eb7

Add CI Step to validate & test semgrep rules

43cd2c8

NicholasEllul marked this pull request as ready for review January 17, 2025 17:21

Add future rules directory

49549d8

NicholasEllul mentioned this pull request Jan 17, 2025

Use custom Semgrep Rules #2

Merged

Merge pull request #2 from MetaMask/ellul/add-actions-cache-rule

45fe905

Use custom Semgrep Rules

NicholasEllul requested a review from a team January 17, 2025 17:39

witmicko previously approved these changes Jan 17, 2025

View reviewed changes

NicholasEllul dismissed witmicko’s stale review via 3a6894d January 17, 2025 18:13

Add additional rule metadata

4cef99a

NicholasEllul force-pushed the ellul/init branch from 3a6894d to 4cef99a Compare January 17, 2025 18:21

NicholasEllul requested review from a team and witmicko January 17, 2025 18:25

Add simple hello-world example

632a0fd

NicholasEllul mentioned this pull request Jan 17, 2025

Add binary to assist in local semgrep scanning #6

Merged

witmicko previously approved these changes Jan 20, 2025

View reviewed changes

Merge pull request #3 from MetaMask/ellul/ci-checks

ed61475

Run tests and rule validation in CI

NicholasEllul dismissed witmicko’s stale review via ed61475 January 20, 2025 14:30

NicholasEllul requested a review from witmicko January 20, 2025 14:31

witmicko approved these changes Jan 20, 2025

View reviewed changes

NicholasEllul merged commit 2d41c78 into main Jan 20, 2025
1 check passed

NicholasEllul deleted the ellul/init branch January 20, 2025 14:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Create Semgrep Action#1

Create Semgrep Action#1
NicholasEllul merged 9 commits intomainfrom
ellul/init

NicholasEllul commented Jan 17, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

NicholasEllul commented Jan 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Testing this action

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

NicholasEllul commented Jan 17, 2025 •

edited

Loading