File tree 3 files changed +12
-2
lines changed
3 files changed +12
-2
lines changed Original file line number Diff line number Diff line change @@ -32,3 +32,4 @@ coverage/
3232*.pb.*.go
3333*.bindata.go
3434*.spec.ts
35+ modernizr-custom.js
Original file line number Diff line number Diff line change @@ -16,10 +16,19 @@ revendor: ## revendor dependencies in protovendor/ and update .bldr.toml with de
1616 @scripts/revendor.sh
1717
1818semgrep : # # runs differential semgrep, checking only changes in the current PR, just as is done in Buildkite
19- @if [[ -z " ${SEMGREP_TOKEN} " || -z " ${SEMGREP_ID} " ; then echo $(SEMGREP_MSG ) ; else docker run -it --rm --init $(DOCKER_PARAMS ) $(SEMGREP_REPO ) $(SEMGREP_CONTAINER ) python $(SEMGREP_COMMON_PARAMS ) --baseline-ref $(shell git merge-base master head ) ; fi
19+ @if [[ -z " ${SEMGREP_TOKEN} " || -z " ${SEMGREP_ID} " ; then echo $(SEMGREP_MSG ) ; else docker run -it --rm --init $(DOCKER_PARAMS ) $(SEMGREP_REPO ) $(SEMGREP_CONTAINER ) python $(SEMGREP_COMMON_PARAMS ) --baseline-ref $(shell git merge-base master HEAD ) ; fi
2020
2121semgrep-all : # # runs full semgrep but filters out the insignificant issues reported by semgrep-legacy; this is what runs nightly in Buildkite
2222 @if [[ -z " ${SEMGREP_TOKEN} " || -z " ${SEMGREP_ID} " ; then echo $(SEMGREP_MSG ) ; else docker run -it --rm --init $(DOCKER_PARAMS ) $(SEMGREP_NIGHTLY_REPO ) $(SEMGREP_CONTAINER ) python $(SEMGREP_COMMON_PARAMS ) ; fi
2323
2424semgrep-legacy : # # runs full semgrep including findings for existing issues that are not significant
2525 @if [[ -z " ${SEMGREP_TOKEN} " || -z " ${SEMGREP_ID} " ; then echo $(SEMGREP_MSG ) ; else docker run -it --rm --init $(DOCKER_PARAMS ) $(SEMGREP_REPO ) $(SEMGREP_CONTAINER ) python $(SEMGREP_COMMON_PARAMS ) ; fi
26+
27+
28+ # For exploring new rulesets before integrating with CI.
29+ # For convenience, this uses all the ignores from Makefile.common_go and automate-ui/Makefile.
30+ # Ruleset choices come from https://semgrep.dev/explore.
31+ # Example: `make semgrep-test/rc2-bug-scan`
32+ SEMGREP_IGNORE := --exclude third_party --exclude *_test.go --exclude *.pb.go --exclude *.pb.*.go --exclude *.bindata.go --exclude *.spec.ts --exclude coverage --exclude modernizr-custom.js
33+ semgrep-test/% :
34+ semgrep --config " p/$( @F) " $(SEMGREP_IGNORE )
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ NG_CMD := npm run ng --
1111REPOROOT =../..
1212
1313# Semgrep by default respects .gitignore; these are additive:
14- SEMGREP_IGNORE := --exclude *.spec.ts --exclude coverage
14+ SEMGREP_IGNORE := --exclude *.spec.ts --exclude coverage --exclude modernizr-custom.js
1515SEMGREP_CONFIG := https://semgrep.dev/p/r2c-ci
1616
1717
You can’t perform that action at this time.
0 commit comments