From c7a1fcf1c419abb78033aae5ebe4121456d2b584 Mon Sep 17 00:00:00 2001
From: Marcin Simonides
Date: Thu, 17 Oct 2024 12:49:01 +0200
Subject: [PATCH] Configure semgrep scan [VPNAND-1944].
---
.semgrep.yml | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 .semgrep.yml
diff --git a/.semgrep.yml b/.semgrep.yml
new file mode 100644
index 000000000..15eaa3bc5
--- /dev/null
+++ b/.semgrep.yml
@@ -0,0 +1,9 @@
+exclude:
+# we already run gitleaks separately, no need for duplicate reports
+- generic.secrets.gitleaks.
+# semgrepignore changes are being reviewed in MRs
+- generic.ci.audit.changed-semgrepignore.changed-semgrepignore
+# low quality rules with high number of false positives
+- MSTG-
+# low quality rules that trigger on words like 'key' or 'Log'
+- mobsf.mobsfscan.android.
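Review bot: The entries `- MSTG-` and `- mobsf.mobsfscan.android.` look like prefix matches that switch off whole rule families rather than the specific noisy rules, so any meaningful check in those families is dropped along with the false positives. If the matching is by prefix (the consumer of this file is not visible here), rules added upstream under those prefixes would also be silenced without review. Consider listing the individual rule ids that were triaged, or at least recording them in the comment, e.g. `# triaged: <rule-id>, <rule-id> - false positives on identifiers such as 'key' / 'Log'`. The `generic.secrets.gitleaks.` exclusion is only safe while the separate gitleaks job scans the same paths and gates the same merge requests, so its comment should name that job to make the dependency checkable. Excluding `changed-semgrepignore` likewise leaves detection of `.semgrepignore` edits entirely to manual MR review.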