What and why?
This adds SAST scanning to the repo, which will automatically be required to pass for PRs.
Along with this change, some default findings from semgrep are addressed or ignored. Most notably, the Docker container no longer runs as root.
Custom semgrep rules are also added.
In the process of considering adding SAST, @asullivan-blze noticed that cookie security could be increased. A custom semgrep rule is added to catch the issue in the future, and the existing secure cookie arguments have been updated.
How was this tested?
This has been tested locally to confirm everything appears to be working.
Checklist
[x] Have you updated the VERSION file (if applicable)?
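The PR mentions tightening the secure cookie arguments and adding a semgrep rule to catch regressions. As an added illustration that is not code from the PR or the project, the following checker parses a Set-Cookie header value and reports which hardening attributes (Secure, HttpOnly, SameSite) are missing; it is the kind of check a test or a response-header audit can run against a running instance. The sample header values and the function names are constructed for this example and do not come from the project.

```python
"""Report missing hardening attributes on a Set-Cookie header value.

Added example, not code from the PR or the project. The sample headers
and all names here are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CookieReport:
    name: str
    secure: bool
    http_only: bool
    same_site: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and evaluate its attributes.

    Attribute names are matched case-insensitively, as browsers do.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    secure = False
    http_only = False
    same_site: Optional[str] = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            http_only = True
        elif key == "samesite":
            same_site = value.strip() or None

    report = CookieReport(name, secure, http_only, same_site)
    if not secure:
        report.findings.append("missing Secure: cookie may be sent over plaintext HTTP")
    if not http_only:
        report.findings.append("missing HttpOnly: cookie is readable from page scripts")
    if same_site is None:
        report.findings.append("missing SameSite: behaviour depends on browser defaults")
    elif same_site.lower() == "none" and not secure:
        # Browsers reject SameSite=None unless Secure is also set.
        report.findings.append("SameSite=None requires Secure")
    return report


def cookie_is_hardened(header: str) -> bool:
    """True when the header carries every attribute the checker expects."""
    return not parse_set_cookie(header).findings


# Constructed sample headers: a weak cookie and its hardened form.
WEAK_HEADER = "session=abc123; Path=/"
HARDENED_HEADER = "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK_HEADER, HARDENED_HEADER):
        report = parse_set_cookie(header)
        print(header, "->", report.findings or "ok")
```

Running the module prints the three findings for the weak header and "ok" for the hardened one; the same function can be pointed at the Set-Cookie values returned by a deployed service to confirm the updated arguments actually reach the wire.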