semgrep config and issues

pulibrary · Sep 23, 2024 · 85d05a4 · 85d05a4
1 parent d7c5bae
commit 85d05a4
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -35,6 +35,14 @@ jobs:
       - ruby/rubocop-check:
           format: progress
           label: Inspecting with Rubocop
+  semgrep:
+    docker:
+        - image: returntocorp/semgrep
+    steps:
+      - checkout
+      - run:
+          name: Check code against community-provided and custom semgrep rules
+          command: semgrep ci --config auto
   test:
     parameters:
       ruby-version:
@@ -75,6 +83,7 @@ workflows:
             parameters:
               ruby-version: ["3.1.3"]
       - rubocop
+      - semgrep
       - test:
           requires:
             - build-v<< matrix.ruby-version >>

diff --git a/.semgrepignore b/.semgrepignore
@@ -0,0 +1,19 @@
+# Common large paths
+node_modules/
+vendor/
+*.min.js
+spec/
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Tickets to remediate these rules and remove from this list
+config/
+# https://github.com/pulibrary/geaccirc/issues/62
+app/views/
+# https://github.com/pulibrary/geaccirc/issues/63
+app/controllers/
+# https://github.com/pulibrary/geaccirc/issues/64