René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Add semgrep as new scanner for static analysis","articleBody":"## 🚓  New Scanner implementation request\r\n\r\n### Is your feature request related to a problem\r\nAs a secureCodeBox user I would like to use [semgrep](https://semgrep.dev/) for static application security testing.\r\n\r\n### Describe the solution you'd like\r\nIntegrate semgrep as a SAST scanner. Provide how-tos and parser.\r\n\r\n### Describe alternatives you've considered\r\n[Snyk Code](https://snyk.io/product/snyk-code)\r\n\r\n### Additional context\r\n* https://github.com/returntocorp/semgrep\r\n* https://owasp.org/www-chapter-newcastle-uk/presentations/2021-02-23-semgrep.pdf\r\n\r\n## Steps to implement a new scanner\r\nHint: A general guide how to implement a new SCB scanner is documented [here](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner)\r\n\r\n- [ ] Create a new folder with the name of the [scanner here](https://github.com/secureCodeBox/secureCodeBox/tree/master/scanners)\r\n- [ ] Add a `README.gotmpl` and give a [brief overview](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/readme) of the scanner and its configuration options.\r\n- [ ] Add a HelmChart and document all configuration options.\r\n- [ ] Implement a new scanner specific `scan-type.yaml`\r\n- [ ] Implement a new scanner specific `parse-definition.yaml`\r\n- [ ] Add (optional) some `cascading-rules.yaml` like documented [here](https://docs.securecodebox.io/docs/api/crds/cascading-rule)\r\n- [ ] Add (optional) a `Dockerfile` for the scanner if there is no existing one publicly available on dockerHub\r\n- [ ] Use the [parser-SDK](https://github.com/secureCodeBox/secureCodeBox/tree/master/parser-sdk) to implement a new findings parser (currently based on NodeJS)\r\n- [ ] Add unit tests with at minimum 80% test coverage\r\n- [ ] Add some example `scan.yaml` and `finding.yaml` files in the [example folder](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/examples-dir)\r\n- [ ] Implement a [new integration or E2E test](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/integration-tests) for the hook [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/tests/integration)\r\n","author":{"url":"https://github.com/ammerzon","@type":"Person","name":"ammerzon"},"datePublished":"2021-08-12T07:38:23.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":9},"url":"https://github.com/595/secureCodeBox/issues/595"}