Commit 1bfb2d4

Improve Semgrep CI (sonic-net#18577)
### What I did
Semgrep's default ruleset (p/default) somehow lost some important rules.

#### How I did it
Keep using p/default and add another rule.

#### How to verify it
Added test code to this PR and Semgrep CI failed.
Failed result: https://github.com/sonic-net/sonic-buildimage/actions/runs/8574699788/job/23502068624

1 parent be01b37 commit 1bfb2d4

1 file changed

+5
-1
lines changed

.github/workflows/semgrep.yml

@@ -19,4 +19,8 @@ jobs:
1919
- uses: actions/checkout@v3
2020
- run: semgrep ci
2121
env:
22-
SEMGREP_RULES: p/default
22+
SEMGREP_RULES: |
23+
p/default
24+
r/python.lang.security.audit.dangerous-system-call-audit.dangerous-system-call-audit
25+
r/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
26+
r/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn
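
Review bot: the three `r/...` rule ids added under `SEMGREP_RULES` carry no explanation of why they are listed next to `p/default`, so a later cleanup could drop them as redundant. A YAML comment above the `SEMGREP_RULES:` key (not inside the `|` block, where it would become part of the value) saying that these rules are pinned explicitly because, per the commit message, p/default lost them would make the intent clear. The list covers one Python rule and two C string-function rules; the same comment could state how this set was chosen, so reviewers know whether other rules that went missing from p/default still need to be added.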
