From 7d8ccda0c267df1a97c81f602890d935018a3866 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com> Date: Tue, 21 Jan 2025 13:19:42 -0500 Subject: [PATCH] BST-14065 - Updated semgrep modules (#195) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: François Proulx <76956526+fproulx-boostsecurity@users.noreply.github.com> --- scanners/boostsecurityio/semgrep-pro/module.yaml | 12 ++---------- scanners/boostsecurityio/semgrep/module.yaml | 4 ++-- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/scanners/boostsecurityio/semgrep-pro/module.yaml b/scanners/boostsecurityio/semgrep-pro/module.yaml index 545208b..30b92e1 100644 --- a/scanners/boostsecurityio/semgrep-pro/module.yaml +++ b/scanners/boostsecurityio/semgrep-pro/module.yaml @@ -24,21 +24,13 @@ setup: echo "Error: SEMGREP_APP_TOKEN environment variable is not set." exit 1 fi - - name: Build Docker with Semgrep Pro pre-installed - environment: - SEMGREP_IMAGE: returntocorp/semgrep:1.74.0@sha256:cffeb57efaaffe57811b7fd740e4ee6313dbfaf6b364bb5cce52a8e506d35f42 - run: | - export DOCKER_BUILDKIT=1 - echo "FROM ${SEMGREP_IMAGE}" > Dockerfile - echo "RUN --mount=type=secret,id=SEMGREP_APP_TOKEN /bin/sh -c 'SEMGREP_APP_TOKEN=\$(cat /run/secrets/SEMGREP_APP_TOKEN) semgrep install-semgrep-pro'" >> Dockerfile - docker build --secret id=SEMGREP_APP_TOKEN -t semgrep-with-pro-engine:latest . steps: - scan: command: docker: - image: semgrep-with-pro-engine:latest - command: semgrep scan --pro --sarif --quiet --disable-version-check . + image: returntocorp/semgrep:1.103.0@sha256:3978a2b4e6c2cbd4eee04b0f05d5ca4a82e6526dc89e01a5dcbb941cedafb393 + command: semgrep scan --pro-intrafile --sarif --quiet --disable-version-check . workdir: /src environment: XDG_CONFIG_HOME: /tmp 
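Review bot: With the `Build Docker with Semgrep Pro pre-installed` step removed, nothing visible in this module runs `semgrep install-semgrep-pro` any more, yet the scan command still requests the Pro engine via `--pro-intrafile` on the stock `returntocorp/semgrep` image. Unless that image already carries the engine or the CLI fetches it at scan time (neither is shown in the diff), the step may fail or return no Pro findings, and a runtime fetch would need `SEMGREP_APP_TOKEN` inside the container, where the visible `environment:` lists only `XDG_CONFIG_HOME`; the mapping continues past the hunk, so confirm against the full file. The switch from `--pro` to `--pro-intrafile` also drops cross-file analysis, which the commit message does not mention; a comment above the command such as `# intrafile only: cross-file (interfile) analysis is intentionally disabled` would record that the reduced coverage is deliberate. The same `1.103.0@sha256:…` pin is repeated in `scanners/boostsecurityio/semgrep/module.yaml`, and because a digest reference takes precedence over the tag, it is worth confirming that the digest really is the 1.103.0 image before merging.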
diff --git a/scanners/boostsecurityio/semgrep/module.yaml b/scanners/boostsecurityio/semgrep/module.yaml
index 24c5bc3..083bb5d 100644
--- a/scanners/boostsecurityio/semgrep/module.yaml
+++ b/scanners/boostsecurityio/semgrep/module.yaml
@@ -22,8 +22,8 @@ steps:
 - scan:
 command:
 docker:
- image: returntocorp/semgrep:1.74.0@sha256:cffeb57efaaffe57811b7fd740e4ee6313dbfaf6b364bb5cce52a8e506d35f42
- command: semgrep scan --sarif --quiet --disable-version-check .
+ image: returntocorp/semgrep:1.103.0@sha256:3978a2b4e6c2cbd4eee04b0f05d5ca4a82e6526dc89e01a5dcbb941cedafb393
+ command: semgrep scan --oss-only --sarif --quiet --disable-version-check .
 workdir: /src
 environment:
 XDG_CONFIG_HOME: /tmp
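Review bot: `--oss-only` is added to the scan command with no comment explaining it, and the commit message only says the modules were updated. A line above `command:` such as `# --oss-only: force the OSS engine here; Pro analysis is handled by the semgrep-pro module` would tell the next maintainer that the flag is deliberate and should survive future version bumps.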