Proposal to add semgrep to CI/CD

Hi guys, during the secure software development course held by M. Andreolini the professor showed us a very powerful software: [semgrep](https://semgrep.dev/).
This software allows you to do static analysis of software sources and identify vulnerable patterns starting from [rules written in YAML format](https://semgrep.dev/docs/writing-rules/overview/).
[Semgrep is open source](https://github.com/returntocorp/semgrep) and [in the free version around 1000 rules are offered](https://github.com/returntocorp/semgrep-rules), if desired there is also [the premium version of the rules](https://semgrep.dev/pricing).
Also it is possible to integrate semgrep into the github CI using or not their cloud platform, in the second case there are [these limitations](https://semgrep.dev/docs/semgrep-ci/running-semgrep-ci-without-semgrep-cloud-platform/#limitations-of-semgrep-stand-alone-ci-scans).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Proposal to add semgrep to CI/CD #174

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Proposal to add semgrep to CI/CD #174

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions