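---
# Recommended Semgrep Configuration
# Save as .semgrepconfig or semgrep.yml in your project root
#
# NOTE(review): this file holds scan *options*, not rules; the rules come
# from the ruleset named under `rules:`. Passing this file to `--config`
# would make Semgrep try to parse it as a rules file. Keys here should
# match Semgrep CLI long-option names — verify each against
# `semgrep scan --help` for the installed version, since option names and
# defaults vary between releases.

# Rules to run
rules: p/security-audit

# Alternative: specify multiple rulesets
# rules:
#   - p/owasp-top-ten
#   - p/cwe-top-25
#   - path/to/custom-rules.yaml

# Paths to exclude from scanning.
# Coverage caveat: a path matched here is never scanned, so excluded
# directories are blind spots, not just noise reduction. Test directories
# and fixtures are a common home for hardcoded credentials and insecure
# sample code; if the chosen ruleset includes secret/credential detection,
# drop the test-related patterns below so those findings are still
# reported. Minified and bundled JavaScript is skipped as well, which means
# vendored dependencies that ship that way are not covered by this scan.
exclude:
  - "*/node_modules/*"
  - "*/vendor/*"
  - "*/.venv/*"
  - "*/venv/*"
  - "*/dist/*"
  - "*/build/*"
  - "*/.git/*"
  - "*/tests/*"
  - "*/test/*"
  - "*_test.go"
  - "test_*.py"
  - "*.test.js"
  - "*.spec.js"
  - "*.min.js"
  - "*.bundle.js"

# Paths to include (optional - scans all by default)
# include:
#   - "src/"
#   - "app/"
#   - "lib/"

# Maximum file size to scan (in bytes).
# Files larger than this are skipped entirely, not scanned partially, so
# raise the limit if large generated or hand-written files must be covered.
max_target_bytes: 1000000  # 1MB

# Timeout for each file (in seconds).
# A rule that exceeds this on a file is skipped for that file rather than
# failing the scan; review the end-of-scan summary for skipped targets so
# the resulting coverage gap is visible.
timeout: 30

# Number of jobs for parallel scanning
# jobs: 4

# Metrics and telemetry (disable for privacy).
# Quoted on purpose: a bare `off` is a YAML 1.1 boolean (false), and the
# metrics option expects one of the strings auto/on/off. Quoting keeps the
# value a string under both YAML 1.1 and 1.2 parsers and under yamllint.
metrics: "off"

# Autofix mode (use with caution — rewrites source files in place)
# autofix: false

# Output format
# Can be: text, json, sarif, gitlab-sast, junit-xml, emacs, vim
# Set via CLI flag on the scan command, e.g. `semgrep --json`; do not pass
# this options file as the --config argument.
# output_format: text

# Severity thresholds
# Only report findings at or above this severity
# Can be: ERROR, WARNING, INFO
# min_severity: WARNING

# Scan statistics
# Show timing and performance stats
# time: false
# Show stats after scanning
# verbose: false

# CI/CD specific settings
# These are typically set via CLI or CI environment

# Fail on findings
# Set exit code 1 if findings are detected
# error: true

# Baseline commit for diff scanning.
# Only findings introduced relative to this commit are reported, so
# pre-existing issues on the baseline are not surfaced by a diff scan.
# baseline_commit: origin/main

# SARIF output settings (for GitHub Security, etc.)
# NOTE(review): confirm this nested shape against the CLI; the
# corresponding flags are `--sarif` and `--output`/`-o`.
# sarif:
#   output: semgrep-results.sarif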