Original Post: How we made Semgrep rules run on Semgrep rules
Semgrep, a tool for finding security bugs and anti-patterns in code, now supports YAML. This enables the scanning of various configurations, including Kubernetes and CircleCI workflows, as well as Semgrep’s own rules. Since Semgrep rules are YAML-based, the added support allows developers to detect errors within these rules. Although the initial YAML parser lacked location reporting, enhancements now permit precise error location. Additionally, YAML patterns can replace ellipses with a special syntax for better parsing. Although still in alpha with limitations, this feature allows for new rules that validate YAML configurations and identify redundant or contradictory patterns. Furthermore, existing JSON rules can now also be applied to YAML files. This enhancement opens up new possibilities for securing and optimizing YAML code.
You can explore this new feature in Semgrep’s online editor and contribute by reporting any issues or suggestions.
Go here to read the Original Post