I would like to get some ideas on how to exclude files and folders in the SAST testing. I have set up my SAST in my .gitlab-ci.yml and have created my .semgrepignore file, but it seems that it is not being used. Can anyone help me?
Hi @tjmonsi, I’m one of the maintainers of Semgrep. Unfortunately .semgrepignore isn’t yet understood by GitLab’s Semgrep SAST analyzer, but there are some options!
You could add to your GitLab CI/CD pipeline Semgrep CI (here) which natively understands .semgrepignore, or follow along on the GitLab team’s MR that adds pre-scan file exclusion here.
I hope this helps!
Hi @dlukeomalley, thanks for this. I will look into it.