Pluto 1390 semgrep installation and running #73
Merged
andrzej-janczak merged 7 commits into feature/semgrep from Apr 14, 2025
- Updated semgrep version in codacy.yaml from 1.33.2 to 1.78.0.
- Added semgrep to the list of supported tools in tool-utils_test.go.
- Implemented RunSemgrep function in semgrepRunner.go to execute Semgrep analysis.
- Created tests for Semgrep functionality in semgrepRunner_test.go.
- Added sample JavaScript file and expected SARIF output for testing.

- Implemented logic to check for the existence of a custom Semgrep configuration file (.semgrep.yml) and use it if available.
- Default to using the 'auto' configuration only if no custom config file is found.
machadoit reviewed Apr 11, 2025
tools/semgrepRunner.go
Outdated
| } | ||
|
|
||
| // Check if a config file exists in the expected location and use it if present | ||
| if configFile, exists := ConfigFileExists(config.Config, ".semgrep.yml"); exists { |
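Review bot: the `ConfigFileExists(config.Config, ".semgrep.yml")` check matches a single filename, so a repository that keeps its rules in `.semgrep.yaml` falls through to the 'auto' default named in the PR description with nothing to indicate it. Suggest passing a list of candidate filenames and logging which configuration was selected, so a scan cannot run without the project's custom rules unnoticed.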
Contributor
While we improve this to rely on the API info, do you want to update this to receive a list of file config names?
```
configurationFilenames: [
  ".semgrep.yaml",
  ".semgrep.yml"
],
```
Just to check for the .yaml and .yml to avoid problems
Contributor
Author
done, AI did this ... version which is okish I think
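The filename-list lookup requested in this review thread, written out as an added example (it is not the code merged in this PR). `findConfigFile`, `semgrepConfigArg` and `semgrepConfigNames` are hypothetical names; the only assumptions are the two filenames from the comment and the 'auto' fallback from the PR description.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Filenames from the review comment, in lookup order.
var semgrepConfigNames = []string{".semgrep.yaml", ".semgrep.yml"}

// findConfigFile returns the first name that exists in dir as a regular file.
// Hypothetical helper; it is not the project's ConfigFileExists.
func findConfigFile(dir string, names []string) (string, bool) {
	for _, name := range names {
		p := filepath.Join(dir, name)
		// A directory that happens to carry the name is not a rules file.
		if info, err := os.Stat(p); err == nil && info.Mode().IsRegular() {
			return p, true
		}
	}
	return "", false
}

// semgrepConfigArg returns the value for semgrep's --config option: the custom
// file when one is found, otherwise "auto". usedDefault lets the caller log the
// fallback instead of silently scanning without the repository's own rules.
func semgrepConfigArg(dir string) (value string, usedDefault bool) {
	if p, ok := findConfigFile(dir, semgrepConfigNames); ok {
		return p, false
	}
	return "auto", true
}

func main() {
	dir, err := os.MkdirTemp("", "semgrep-demo") // constructed sample repository
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(semgrepConfigArg(dir)) // no config file yet
	if err := os.WriteFile(filepath.Join(dir, ".semgrep.yml"), []byte("rules: []\n"), 0o600); err != nil {
		panic(err)
	}
	fmt.Println(semgrepConfigArg(dir)) // custom file found
}
```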
machadoit approved these changes Apr 14, 2025
andrzej-janczak added a commit that referenced this pull request Apr 17, 2025
andrzej-janczak added a commit that referenced this pull request Apr 17, 2025
config init will be added in another PR