Merge pull request #1127 from secureCodeBox/dependencies/upgrading-semgrep-to-0.89.0

J12934 · web-flow · commit dffe77b6a807 · 2022-05-12T16:44:05.000+02:00
[SCB-Bot] Upgraded semgrep from 0.85.0 to 0.92.0
diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml
@@ -18,7 +18,7 @@ version: "v3.1.0-alpha1"
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.85.0"
+appVersion: "0.92.0"
 annotations:
   versionApi: https://api.github.com/repos/returntocorp/semgrep/releases/latest
 kubeVersion: ">=v1.11.0-0"
diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md
@@ -3,7 +3,7 @@ title: "Semgrep"
 category: "scanner"
 type: "Repository"
 state: "released"
-appVersion: "0.85.0"
+appVersion: "0.92.0"
 usecase: "Static Code Analysis"
 ---
 
@@ -195,7 +195,7 @@ Kubernetes: `>=v1.11.0-0`
 | scanner.securityContext.capabilities.drop[0] | string | `"all"` |  |
 | scanner.securityContext.privileged | bool | `false` |  |
 | scanner.securityContext.readOnlyRootFilesystem | bool | `false` |  |
-| scanner.securityContext.runAsNonRoot | bool | `true` |  |
+| scanner.securityContext.runAsNonRoot | bool | `false` |  |
 | scanner.tolerations | list | `[]` | Optional tolerations settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | scanner.ttlSecondsAfterFinished | string | `nil` |  |
 
diff --git a/scanners/semgrep/docs/README.ArtifactHub.md b/scanners/semgrep/docs/README.ArtifactHub.md
@@ -200,7 +200,7 @@ Kubernetes: `>=v1.11.0-0`
 | scanner.securityContext.capabilities.drop[0] | string | `"all"` |  |
 | scanner.securityContext.privileged | bool | `false` |  |
 | scanner.securityContext.readOnlyRootFilesystem | bool | `false` |  |
-| scanner.securityContext.runAsNonRoot | bool | `true` |  |
+| scanner.securityContext.runAsNonRoot | bool | `false` |  |
 | scanner.tolerations | list | `[]` | Optional tolerations settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | scanner.ttlSecondsAfterFinished | string | `nil` |  |
 
diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md
@@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht
 
 ## Supported Tags
 - `latest`  (represents the latest stable release build)
-- tagged releases, e.g. `0.85.0`
+- tagged releases, e.g. `0.92.0`
 
 ## How to use this image
 This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/semgrep.
diff --git a/scanners/semgrep/integration-tests/semgrep.test.js b/scanners/semgrep/integration-tests/semgrep.test.js
@@ -15,14 +15,6 @@ test(
       [
         "-c",
         "p/ci",
-        // Exclude subfolders beginning with .. to work around a strange
-        // interaction between Kubernetes and Semgrep: Kubernetes stores
-        // ConfigMap files in a hidden subdirectory and links to them.
-        // This leads to the file being found twice by semgrep. We thus
-        // exclude the relevant subdirectory from the integration test
-        // scans to avoid getting double the number of matches.
-        "--exclude",
-        "..*",
         "/test/",
       ],
       90,
diff --git a/scanners/semgrep/values.yaml b/scanners/semgrep/values.yaml
@@ -44,7 +44,7 @@ scanner:
   extraContainers: []
 
   securityContext:
-    runAsNonRoot: true
+    runAsNonRoot: false
     readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     privileged: false
