Configure semgrep scan [VPNAND-1944].

2026-03-13 09:02:15 +08:00 · 2024-10-17 12:49:01 +02:00
parent 50b07ae5bd
commit c7a1fcf1c4
1 changed files with 9 additions and 0 deletions
--- a/.semgrep.yml
+++ b/.semgrep.yml
@@ -0,0 +1,9 @@
+exclude:
+# we already run gitleaks separately, no need for duplicate reports
+- generic.secrets.gitleaks.
+# semgrepignore changes are being reviewed in MRs
+- generic.ci.audit.changed-semgrepignore.changed-semgrepignore
+# low quality rules with high number of false positives
+- MSTG-
+# low quality rules that trigger on words like 'key' or 'Log'
+- mobsf.mobsfscan.android.