From 3d9984b232fda7aa4c4b86ef92b031f69f129d5d Mon Sep 17 00:00:00 2001
From: milkrage
Date: Fri, 18 Oct 2024 14:17:28 +0300
Subject: [PATCH] Test semgrep
---
 .github/workflows/secure.yml | 5 +++--
 GNUmakefile | 21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/secure.yml b/.github/workflows/secure.yml
index e49e66f3..a24128ad 100644
--- a/.github/workflows/secure.yml
+++ b/.github/workflows/secure.yml
@@ -21,7 +21,7 @@ jobs:
 security-events: write
 steps:
 - uses: actions/checkout@v4
- - run: semgrep scan --sarif --output=semgrep.sarif --error --severity=WARNING
+ - run: semgrep scan --sarif --output=semgrep.sarif --severity=WARNING
 env:
 SEMGREP_RULES: >-
 p/command-injection
@@ -41,8 +41,9 @@ jobs:
 p/security-audit
 p/sql-injection
 p/xss
- - uses: github/codeql-action/upload-sarif@v3
+ - uses: github/codeql-action/upload-sarif@v3.26.3
 with:
+ args: --no-metadata-verification
 sarif_file: semgrep.sarif
 if: always()
diff --git a/GNUmakefile b/GNUmakefile
index e55ef800..36486083 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -45,4 +45,25 @@ ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
 endif
 @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
+semgrep:
+ docker run --rm -v ${PWD}:/app:ro -w /app semgrep/semgrep semgrep scan --error --metrics=off \
+ --config=p/command-injection \
+ --config=p/comment \
+ --config=p/cwe-top-25 \
+ --config=p/default \
+ --config=p/gitlab \
+ --config=p/gitleaks \
+ --config=p/golang \
+ --config=p/gosec \
+ --config=p/insecure-transport \
+ --config=p/owasp-top-ten \
+ --config=p/r2c-best-practices \
+ --config=p/r2c-bug-scan \
+ --config=p/r2c-security-audit \
+ --config=p/secrets \
+ --config=p/security-audit \
+ --config=p/sql-injection \
+ --config=p/xss \
+ .
 .PHONY: golangci-lint build test testacc fmt test-compile website website-test
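Review bot: Dropping `--error` from the changed `run:` line means semgrep findings no longer fail the CI job, so this workflow stops acting as a merge gate and only reports into code scanning; the `make semgrep` target added in the same patch keeps `--error`, so the two entry points now disagree on whether findings block. If the goal was only to let the SARIF reach code scanning when findings exist, the upload step's `if: always()` already covers that and the flag can stay: `- run: semgrep scan --sarif --output=semgrep.sarif --error --severity=WARNING`. If non-blocking CI is deliberate, a one-line comment above the step saying so would stop the next reader from restoring it. The enclosing `steps:` list starts and ends outside the hunk.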
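Review bot: `args: --no-metadata-verification` under the added `with:` block does not look like an input that `github/codeql-action/upload-sarif` declares; an unrecognised `with:` key only produces an "Unexpected input(s)" warning in the run log and is otherwise ignored, so this line most likely has no effect and should be checked against the action's `action.yml` before anything relies on it. Separately, `@v3.26.3` is still a movable tag in a job that holds `security-events: write`; pin the action to the full commit SHA of that release and keep the version as a trailing comment, e.g. `- uses: github/codeql-action/upload-sarif@<commit-sha-of-v3.26.3> # v3.26.3`. The `steps:` list continues outside the hunk.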
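Review bot: The new `semgrep` target is a command, not a file, but the `.PHONY:` line that closes the hunk still lists only the previous targets, so a file or directory named `semgrep` in the checkout would make `make semgrep` report the target as up to date and skip the scan; extend it: `.PHONY: golangci-lint build test testacc fmt test-compile website website-test semgrep`. On the `docker run` line, `${PWD}` is taken from the inherited shell environment rather than from Make and is unquoted, so `-v "$(CURDIR)":/app:ro` is the idiomatic form and also survives paths with spaces. The image reference `semgrep/semgrep` carries no tag, so each run pulls whatever `latest` is at that moment and the scanner version behind a security check can change silently; pin a release tag or digest, e.g. `semgrep/semgrep:<pinned-version>`. The `--config=` list also duplicates the `SEMGREP_RULES` block in `.github/workflows/secure.yml` (the two already differ), so they will drift unless one is derived from the other.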