Merge pull request #6 from MetaMask/ellul/semgrep-local

NicholasEllul · web-flow · commit 3e845e373017 · 2025-01-22T07:51:28.000-05:00
Add binary to assist in local semgrep scanning
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -65,7 +65,7 @@ rules:
 <img width="600" alt="" src="https://github.com/user-attachments/assets/e918311f-94d8-4be0-86d8-cc6c30853740" />
 
 
-## Testing Your Rules
+## Writing Tests For Your Rules
 
 Testing is a critical step in ensuring the quality and reliability of your rules. Follow these steps:
 
@@ -87,6 +87,16 @@ Testing is a critical step in ensuring the quality and reliability of your rules
      ./bin/test
      ```
 
+## Testing Rules Against Local Repositories
+
+If you would like to test your rules against a local folder or directory on your machine, you can run the following command to perform a local scan:
+
+```bash
+./bin/scan path/to/directory
+```
+
+Note that Semgrep will scan _all_ files within the specified directory. In other words, if the directory contains multiple repositories, all of them will be scanned at once.
+
 ## Contribution Workflow
 
 1. Create a new branch from the main branch for your changes.
diff --git a/README.md b/README.md
@@ -11,4 +11,6 @@ This repository is home to the GitHub action workflow that will run perform a se
     with:
         # optional string parameter
         paths_ignored: ...
-```
+```
+
+For information on how to contribute rules to this repository, please see https://github.com/MetaMask/semgrep-action/blob/main/CONTRIBUTING.md.
diff --git a/bin/scan b/bin/scan
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Run semgrep locally against a directory
+
+if [ -z "$1" ]; then
+    echo "Usage: $0 <path/to/directory>"
+    exit 1
+fi
+
+# Run semgrep locally against the provided directory
+semgrep --config rules/src/ "$1"
