Comments (5)
To add a bit more context: I'm working on a multi-workspace project, and the "Scan changed files" doesn't seem to do anything 👀
from semgrep-vscode.
Hmm, it may be an issue with multiworkspace projects. When running the CLI or extension on any workspace, if the top level directory is not a git repo, semgrep will default to scanning all files regardless of their git status, or git ignore status, and this can take a long time (a few minutes), if there's a lot. I'd say try opening a single workspace/repository, and see if you're still getting the same issue.
from semgrep-vscode.
Thanks, will do! 👍
from semgrep-vscode.
I checked and that seems to be the case. So, to be clear, I have a project configured such as this:
# workspace.code-workspace
{
"folders": [
{
"name": "Backend",
"path": "backend"
},
{
"name": "Frontend",
"path": "frontend"
}
}
Both backend
and frontend
are folders inside a git repo. Enabling "Only git dirty" doesn't work - however, it used to work before the last update.
As you mentioned, I believe the issue is that is not correctly detecting the git repository as it assumes it's going to be in the root of the project, but it needs to recursively go up until it finds one.
How can I help fix this? Any pointers to the relevant code?
Thanks for the great work!
from semgrep-vscode.
Enabling "Only git dirty" doesn't work - however, it used to work before the last update.
Pre version 1.0.0, the LSP was implemented very differently, and ultimately wasn't very maintainable in that state.
As you mentioned, I believe the issue is that is not correctly detecting the git repository as it assumes it's going to be in the root of the project, but it needs to recursively go up until it finds one.
Yup this is exactly the issue judging by your config
How can I help fix this? Any pointers to the relevant code?
Always happy to accept contributions, the changes you'd want to make would be on the semgrep CLI side, specifically when we check git status, and make that relative to workspace folders. I don't think this will be a quick fix though, and we do have plans to get to it eventually, but feel free to take a crack at it if you want!
from semgrep-vscode.
Related Issues (20)
- VS Code cannot find Semgrep path HOT 7
- Mention experimental status at top of readme HOT 1
- Use .semgrep.yml when present? HOT 3
- can not find semgrep installed by pip in WSL HOT 2
- [Feature request] Allow users to pass additional flags HOT 1
- Warn users of version mismatch HOT 3
- Publish semgrep to Open VSX HOT 1
- Custom rule with fix-regex does not work HOT 2
- Add configuration to show/hide metavar labelling HOT 2
- No such file or directory: 'semgrep-core' when installing semgrep with pipx HOT 1
- Extension unexpectedly doesn't run generic rules HOT 1
- `Client Semgrep: connection to server is erroring. Shutting down server.` HOT 2
- There should be some visual feedback when Semgrep finished scanning successfully HOT 3
- Exploring using Semgrep in Vscode through Docker HOT 2
- Unable to use behind proxy - REQUESTS_CA_BUNDLE environment variable not being respected
- Extension not running after latest Semgrep update HOT 2
- semgrep v1.5.2 for vscode is not working at all HOT 5
- Documentation needed HOT 2
- semgrep extension stops scan after 5-10 seconds of working HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from semgrep-vscode.