Pluto 1390 semgrep installation and running #73


Merged

Conversation

andrzej-janczak (Contributor) commented Apr 11, 2025

⚠️ PR to feature branch

config init will be added in another PR

- Updated semgrep version in codacy.yaml from 1.33.2 to 1.78.0.
- Added semgrep to the list of supported tools in tool-utils_test.go.
- Implemented RunSemgrep function in semgrepRunner.go to execute Semgrep analysis.
- Created tests for Semgrep functionality in semgrepRunner_test.go.
- Added sample JavaScript file and expected SARIF output for testing.
- Implemented logic to check for the existence of a custom Semgrep configuration file (.semgrep.yml) and use it if available.
- Default to using the 'auto' configuration only if no custom config file is found.

codacy-production bot commented Apr 11, 2025

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation: +0.77%
Diff coverage: 68.49%

Coverage variation details

Commit                              Coverable lines   Covered lines   Coverage
Common ancestor commit (9a3ae32)    2646              860             32.50%
Head commit (90d4e4f)               2711 (+65)        902 (+42)       33.27% (+0.77%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

                     Coverable lines   Covered lines   Diff coverage
Pull request (#73)   73                50              68.49%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


@andrzej-janczak andrzej-janczak requested a review from Copilot April 11, 2025 13:41

@Copilot Copilot AI left a comment


Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.

Files not reviewed (1)
  • tools/testdata/repositories/semgrep/expected.sarif: Language not supported

Member

@machadoit machadoit left a comment


Minor comments, LGTM!

}

// Check if a config file exists in the expected location and use it if present
if configFile, exists := ConfigFileExists(config.Config, ".semgrep.yml"); exists {
Member


While we improve this to rely on the API info, do you want to update this to receive a list of file config names?

configurationFilenames: [
".semgrep.yaml",
".semgrep.yml"
],

Just to check for the .yaml and .yml to avoid problems

Contributor Author


done, AI did this ... version, which is OK-ish I think
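The lookup described in the PR description (use a checked-in Semgrep config if present, otherwise fall back to "auto") combined with the reviewer's suggestion to accept both .semgrep.yaml and .semgrep.yml, written out as an added Go example. This is not the project's semgrepRunner.go code: ResolveSemgrepConfig, BuildSemgrepArgs, semgrepConfigNames and the configDir/targetDir parameters are assumed names chosen for the illustration. The Semgrep flags used (`scan`, `--config`, `--sarif`) are standard Semgrep CLI options. The security-relevant difference between the two branches is that `--config auto` has Semgrep fetch rules from the Semgrep registry over the network, whereas a checked-in config keeps the rule set under the repository's own control; the example also ignores a directory or other non-regular file that happens to carry the config name, and reports permission errors instead of silently falling back to "auto".

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// semgrepConfigNames lists the candidate config filenames in precedence order.
// Both spellings are accepted, as suggested in review. (Assumed name.)
var semgrepConfigNames = []string{".semgrep.yaml", ".semgrep.yml"}

// ResolveSemgrepConfig returns the value to pass to Semgrep's --config flag:
// the path of the first candidate that exists as a regular file inside
// configDir, or "auto" when none of them is present. os.Stat follows
// symlinks, so a symlinked config is accepted as long as its target is a
// regular file. (Assumed function name.)
func ResolveSemgrepConfig(configDir string, candidates []string) (string, error) {
	for _, name := range candidates {
		p := filepath.Join(configDir, name)
		info, err := os.Stat(p)
		if err != nil {
			if errors.Is(err, os.ErrNotExist) {
				continue // try the next spelling
			}
			// Permission denied and similar errors are surfaced rather than
			// silently turned into an "auto" run with registry rules.
			return "", fmt.Errorf("checking %s: %w", p, err)
		}
		if !info.Mode().IsRegular() {
			continue // a directory named .semgrep.yml is not a config file
		}
		return p, nil
	}
	return "auto", nil
}

// BuildSemgrepArgs assembles the argv for a SARIF-producing Semgrep run over
// targetDir using the resolved --config value. (Assumed function name.)
func BuildSemgrepArgs(configValue, targetDir string) []string {
	return []string{"semgrep", "scan", "--config", configValue, "--sarif", targetDir}
}

func main() {
	// Constructed demo: an empty temp dir resolves to "auto", then a
	// .semgrep.yml is written and the lookup picks it up.
	dir, err := os.MkdirTemp("", "semgrep-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	cfg, err := ResolveSemgrepConfig(dir, semgrepConfigNames)
	if err != nil {
		panic(err)
	}
	fmt.Println("no config present:", BuildSemgrepArgs(cfg, dir))

	ymlPath := filepath.Join(dir, ".semgrep.yml")
	if err := os.WriteFile(ymlPath, []byte("rules: []\n"), 0o600); err != nil {
		panic(err)
	}
	cfg, err = ResolveSemgrepConfig(dir, semgrepConfigNames)
	if err != nil {
		panic(err)
	}
	fmt.Println("custom config present:", BuildSemgrepArgs(cfg, dir))
}
```

If both spellings are checked in, the first entry in the candidate list wins, so the order of semgrepConfigNames is the precedence rule and should be documented wherever the list is configured.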

Contributor

@zhamborova zhamborova left a comment


lgtm

@andrzej-janczak andrzej-janczak merged commit 396a734 into feature/semgrep Apr 14, 2025
8 checks passed
andrzej-janczak added a commit that referenced this pull request Apr 17, 2025
* Semgrep installation and running (#73) [Pluto-1390]
* Semgrep config initialization (#76) [Pluto-1391]
* Refactor Semgrep analysis function to return error (#76)