Add Ruby semgrep post-processing script (!149132) · Merge requests · GitLab.org / GitLab

Ameya Darshan requested to merge ameyadarshan-master-patch-49200 into master Apr 10, 2024

What does this MR do and why?

This MR replaces the current semgrep result processing script with a Ruby script, which also allows the bot to create inline comments on MR using the discussions API.

How to set up and validate locally

Fork this branch.
Add vulnerable code from one of the classes at https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/tree/main/secure-coding-guidelines.
Verify that the bot creates inline MR comments with the message.
Verify that the bot doesn't create more than 1 comment per finding when pipelines are run again on updating the code.

Edited Apr 11, 2024 by Ameya Darshan

Add Ruby semgrep post-processing script

What does this MR do and why?

How to set up and validate locally

Merge request reports