🚓 New Scanner implementation request

Is your feature request related to a problem

As a secureCodeBox user I would like to use semgrep for static application security testing.

Describe the solution you'd like

Integrate semgrep as a SAST scanner. Provide how-tos and parser.

Describe alternatives you've considered

Snyk Code

Additional context

• https://github.com/returntocorp/semgrep
• https://owasp.org/www-chapter-newcastle-uk/presentations/2021-02-23-semgrep.pdf

Steps to implement a new scanner

Hint: A general guide how to implement a new SCB scanner is documented here

• Create a new folder with the name of the scanner here
• Add a README.gotmpl and give a brief overview of the scanner and its configuration options.
• Add a HelmChart and document all configuration options.
• Implement a new scanner specific scan-type.yaml
• Implement a new scanner specific parse-definition.yaml
• Add (optional) some cascading-rules.yaml like documented here
• Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on dockerHub
• Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
• Add unit tests with at minimum 80% test coverage
• Add some example scan.yaml and finding.yaml files in the example folder
• Implement a new integration or E2E test for the hook here