Skip to content

feat: Semgrep plugin integration #2877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Jan 24, 2023
Merged

feat: Semgrep plugin integration #2877

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
99af416
wip: semgrep sql script
iamayushm Jan 17, 2023
8b929e7
semgrep sql scrit
iamayushm Jan 20, 2023
522f11d
wip: adding down script
iamayushm Jan 20, 2023
fbbd81d
Merge branch 'main' into semgrep_plugin_integration
iamayushm Jan 20, 2023
d8eb81b
correcting sql script id
iamayushm Jan 20, 2023
7ebba69
Merge branch 'main' into semgrep_plugin_integration
iamayushm Jan 23, 2023
9d53043
fix sql script for semgrep plugin integration
vikramdevtron Jan 23, 2023
8617a5e
Merge remote-tracking branch 'origin/semgrep_plugin_integration' into…
iamayushm Jan 23, 2023
f6cab3b
fix semgrep sql insert
vikramdevtron Jan 23, 2023
a95247f
Merge remote-tracking branch 'origin/semgrep_plugin_integration' into…
iamayushm Jan 23, 2023
26e901b
adding semgrep icon link
iamayushm Jan 23, 2023
e3692d6
modifying variable description
iamayushm Jan 23, 2023
3ddd4bf
adding option to pass semgrep api token from secret
iamayushm Jan 23, 2023
e52a5e9
adding description for semgrep app token
iamayushm Jan 23, 2023
16176e6
changing semgrep logo
iamayushm Jan 24, 2023
14767cd
changing variable description
iamayushm Jan 24, 2023
dc81b03
modifying description
iamayushm Jan 24, 2023
28c4d4c
Merge branch 'main' into semgrep_plugin_integration
iamayushm Jan 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added assets/semgrep.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion cmd/external-app/wire_gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions scripts/sql/108_create_semgrep_plugin.down.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
DELETE FROM plugin_step_variable WHERE name = 'SemgrepAppToken';
DELETE FROM plugin_step_variable WHERE name = 'PrefixAppNameInSemgrepBranchName';
DELETE FROM plugin_step_variable WHERE name = 'UseCommitAsSemgrepBranchName';
DELETE FROM plugin_step_variable WHERE name = 'SemgrepAppName';
DELETE FROM plugin_step_variable WHERE name = 'ExtraCommandArguments';
DELETE FROM plugin_step_variable WHERE name = 'GIT_MATERIAL_REQUEST';
87 changes: 87 additions & 0 deletions scripts/sql/108_create_semgrep_plugin.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
INSERT INTO "plugin_metadata" ("id", "name", "description","type","icon","deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES (nextval('id_seq_plugin_metadata'), 'Semgrep','Semgrep is a fast, open source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.','PRESET','https://raw.githubusercontent.com/devtron-labs/devtron/main/assets/semgrep.png','f', 'now()', 1, 'now()', 1);

INSERT INTO "plugin_tag_relation" ("id", "tag_id", "plugin_id", "created_on", "created_by", "updated_on", "updated_by") VALUES (nextval('id_seq_plugin_tag_relation'), 2, (SELECT id FROM plugin_metadata WHERE name='Semgrep'),'now()', 1, 'now()', 1);
INSERT INTO "plugin_tag_relation" ("id", "tag_id", "plugin_id", "created_on", "created_by", "updated_on", "updated_by") VALUES (nextval('id_seq_plugin_tag_relation'), 3, (SELECT id FROM plugin_metadata WHERE name='Semgrep'),'now()', 1, 'now()', 1);

INSERT INTO "plugin_pipeline_script" ("id", "script","type","deleted","created_on", "created_by", "updated_on", "updated_by")
VALUES (
nextval('id_seq_plugin_pipeline_script'),
'#!/bin/sh
set -eo pipefail
chmod 741 /devtroncd
chmod 741 /devtroncd/*
apk add py3-pip
pip install pip==21.3.1
pip install semgrep
export SEMGREP_APP_TOKEN=$SemgrepAppToken
SemgrepTokenLen=$(echo -n $SEMGREP_APP_TOKEN | wc -m)
if [ $((SemgrepTokenLen)) == 0 ]
then
SEMGREP_APP_TOKEN=$SEMGREP_API_TOKEN
Copy link
Contributor

@vikramdevtron vikramdevtron Jan 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to export this token again

Copy link
Contributor Author

@iamayushm iamayushm Jan 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is already exported and we are assigning value to already exported token.

fi
CiMaterialsEnv=$GIT_MATERIAL_REQUEST
repoName=""
checkoutPath=""
branchName=""
gitHash=""
materials=$(echo $CiMaterialsEnv | tr "|" "\n")
for material in $materials
do
data=$(echo $material | tr "," "\n")
i=0
for d in $data
do
if [ $((i)) == 0 ]
then
repoName=$d
elif [ $((i)) == 1 ]
then
checkoutPath=$d
elif [ $((i)) == 2 ]
then
branchName=$d
elif [ $((i)) == 3 ]
then
gitHash=$d
fi
i=$((i+1))
done
#docker run --rm --env SEMGREP_APP_TOKEN=$SemgrepAppToken --env SEMGREP_REPO_NAME=$repoName --env SEMGREP_BRANCH=$branchName -v "${PWD}/:/src/" returntocorp/semgrep semgrep ci
cd /devtroncd
cd $checkoutPath
export SEMGREP_REPO_NAME=$repoName
if [ $UseCommitAsSemgrepBranchName == true -a $PrefixAppNameInSemgrepBranchName == true ]
then
export SEMGREP_BRANCH="$SemgrepAppName - $gitHash"
elif [ $PrefixAppNameInSemgrepBranchName == true ]
then
export SEMGREP_BRANCH="$SemgrepAppName - $branchName"
elif [ $UseCommitAsSemgrepBranchName == true ]
then
export SEMGREP_BRANCH=$gitHash
else
export SEMGREP_BRANCH=$branchName
fi
semgrep ci --json $ExtraCommandArguments
done'
,
'SHELL',
'f',
'now()',
1,
'now()',
1
);

INSERT INTO "plugin_step" ("id", "plugin_id","name","description","index","step_type","script_id","deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES (nextval('id_seq_plugin_step'), (SELECT id FROM plugin_metadata WHERE name='Semgrep'),'Step 1','Step 1 - Dependency Track for Semgrep','1','INLINE',(SELECT last_value FROM id_seq_plugin_pipeline_script),'f','now()', 1, 'now()', 1);

INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value", "variable_type", "value_type", "variable_step_index", "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'SemgrepAppToken','STRING','If provided, this token will be used. If not provided it will be picked from secret.',true,true,'INPUT','NEW',1 ,'f','now()', 1, 'now()', 1),
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'PrefixAppNameInSemgrepBranchName','BOOL','if true, this will add app name with branch name: {SemgrepAppName}-{branchName}.',true,false,'INPUT','NEW',1 ,'f','now()', 1, 'now()', 1),
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'UseCommitAsSemgrepBranchName','BOOL','if true, this will add app name with commit hash: {SemgrepAppName}-{CommitHash}',true,false,'INPUT','NEW',1 ,'f','now()', 1, 'now()', 1),
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'SemgrepAppName','STRING','if provided and PrefixAppNameInSemgrepBranchName is true, then this will be prefixed with branch name/ commit hash',true,false,'INPUT','NEW',1 ,'f','now()', 1, 'now()', 1),
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'ExtraCommandArguments','STRING','Extra Command arguments for semgrep CI command. eg input: --json --dry-run.',true,true,'INPUT','NEW',1 ,'f','now()', 1, 'now()', 1);

INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value","value","variable_type", "value_type", "variable_step_index",reference_variable_name, "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES
(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Semgrep' and ps."index"=1 and ps.deleted=false), 'GIT_MATERIAL_REQUEST','STRING','git material data',false,true,3,'INPUT','GLOBAL',1 ,'GIT_MATERIAL_REQUEST','f','now()', 1, 'now()', 1);

4 changes: 2 additions & 2 deletions wire_gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.