Situation:
The situation occurs when the user excludes a rule using the -x switch while scanning a local package.
Explanation:
The program attempts to only run sourcecode rules on a folder but the rules are not correctly set.
Result:
The program produces an error while trying to load semgrep rules using metadata rule names.
poetry run guarddog npm scan /tmp/sample.tar.gz --output-format=json -x npm-dll-hijacking
{ ...
"errors": {"rules-all": "failed to run rule: \nAn error occurred when running Semgrep....
`...guarddog/analyzer/sourcecode/direct_url_dependency.yml` does not exist\", \"type\": \"SemgrepError\"}
`.../guarddog/analyzer/sourcecode/npm_metadata_mismatch.yml` does not exist\", \"type\": \"SemgrepError\"}
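
The failure above, reduced to a sketch that is added here and is not GuardDog's own code: after an exclusion, the remaining rule names are split into those backed by a Semgrep `.yml` file and those that are not, so metadata rule names never reach Semgrep as file paths. The function names, the temporary directory layout and the rule `example-sourcecode-rule` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def missing_rule_files(rule_names, sourcecode_dir):
    """Paths a naive '<dir>/<name>.yml' mapping would hand to Semgrep
    even though no such file exists (the error shown in the report)."""
    base = Path(sourcecode_dir)
    return [f"{name}.yml" for name in sorted(rule_names)
            if not (base / f"{name}.yml").is_file()]


def rules_after_exclusion(all_rules, excluded, sourcecode_dir):
    """Apply exclusions, then keep for Semgrep only the rules that have
    a .yml file; everything else is returned separately."""
    unknown = set(excluded) - set(all_rules)
    if unknown:
        raise ValueError(f"unknown rule(s) excluded: {sorted(unknown)}")
    base = Path(sourcecode_dir)
    semgrep_rules, other_rules = [], []
    for name in sorted(set(all_rules) - set(excluded)):
        target = semgrep_rules if (base / f"{name}.yml").is_file() else other_rules
        target.append(name)
    return semgrep_rules, other_rules


def demo():
    # Constructed layout: two sourcecode rules exist on disk, while the
    # two metadata rule names from the error output have no .yml file.
    all_rules = ["npm-dll-hijacking", "example-sourcecode-rule",
                 "direct_url_dependency", "npm_metadata_mismatch"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("npm-dll-hijacking", "example-sourcecode-rule"):
            (Path(tmp) / f"{name}.yml").write_text("rules: []\n")
        remaining = set(all_rules) - {"npm-dll-hijacking"}
        naive_missing = missing_rule_files(remaining, tmp)
        split = rules_after_exclusion(all_rules, ["npm-dll-hijacking"], tmp)
    return naive_missing, split


if __name__ == "__main__":
    missing, (semgrep_rules, other_rules) = demo()
    print("naive mapping would request:", missing)
    print("passed to Semgrep:", semgrep_rules)
    print("kept out of Semgrep:", other_rules)
```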