In summer 2021, the Vulnerability Research and Static Analysis teams launched the Google Summer of Code (GSoC) project: Write vulnerability detection rules for SAST. For this project, we built and implemented a framework to help transition GitLab away from our current SAST tools over to Semgrep. Semgrep is a language-agnostic SAST tool that is gaining popularity in CI/CD environments. Before replacing an analyzer with the corresponding Semgrep configuration (called rule-sets), we need to ensure...