
TCE-1547: Bump Opengrep version to 1.23.0#28

Merged: stefanvacareanu7 merged 2 commits into main from feat/tce-1547 on Jul 1, 2026

Conversation

@heliocodacy

Contributor

Summary

Bumps the Opengrep tool version from 1.21.0 to 1.23.0 in .tool_version.

Changes

  • Updated .tool_version to 1.23.0.
  • Re-ran the DocGenerator (go run ./cmd/docgen) per the README "Generate Docs" instructions. The opengrep-rules release branch no longer exists (the repo now uses main), and the rules commit pinned in internal/docgen/parsing.go (f1d2b562...) already matches the current main HEAD, so the generated docs produced no diff.

Validation

Trivy (trivy fs --exit-code 0 --severity HIGH,CRITICAL .)

Pre-existing HIGH/CRITICAL findings in transitive Go dependencies (golang.org/x/crypto, golang.org/x/net). Unrelated to this change, which only updates a version string — no new vulnerabilities introduced.

Docs generation

Ran go run ./cmd/docgen — completed successfully, no doc changes.

Integration tests (codacy-plugins-test)

Built the image with the new version and ran codacy-plugins-test multiple opengrep. All tests passed! (codacy-rules, language-support, sql, java, javascript, gitlab-rules, ai, i18n, exotic, default-patterns, etc.)

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 30, 2026 13:13

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the tool version in .tool_version from 1.21.0 to 1.23.0. There are no review comments, and I have no feedback to provide.


@codacy-production


Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy


Copilot AI left a comment


Pull request overview

Bumps the pinned Opengrep tool version used by this repository by updating the .tool_version file, aligning the project’s tooling with Opengrep 1.23.0.

Changes:

  • Updated .tool_version from 1.21.0 to 1.23.0.


@codacy-production codacy-production Bot left a comment


Pull Request Overview

The proposed changes are up to standards according to quality analysis. However, there are significant gaps in the verification of acceptance criteria. There is no evidence that integration tests were performed with the new tool version, nor that the documentation generator output was validated. These automated checks are essential to ensure compatibility and prevent regressions following the version bump.

Test suggestions

  • Execute plugin integration tests (codacy-plugins-test) with the new tool version
  • Run DocGenerator and verify output matches existing documentation
  • Run Trivy vulnerability scan on the built image


The Dockerfile ARG OPENGREP_VERSION controls which opengrep binary is
downloaded at build time, but was still pinned to v1.21.0 while
.tool_version was already bumped to 1.23.0. Align it to v1.23.0.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@heliocodacy

Copy link
Copy Markdown
Contributor Author

Follow-up: completed Dockerfile bump + validation

While running the codacy-tools validation checklist I noticed the Opengrep version bump was incomplete: .tool_version was already 1.23.0, but the Dockerfile still pinned ARG OPENGREP_VERSION=v1.21.0. That ARG is what actually controls which opengrep binary is downloaded at image build time, so the published image would still have run 1.21.0. Pushed a fix to align it to v1.23.0.

Validation results

Doc generation (go run ./cmd/docgen): ran successfully; no changes to tracked docs (rules identical between 1.21.0 and 1.23.0).

Integration test (codacy-plugins-test multiple codacy-opengrep:latest, built from this branch): All tests passed.

codacy-rules-javascript should have 5 results ✓
language-support should have 73 results ✓
codacy-rules-sql should have 23 results ✓
codacy-rules should have 36 results ✓
default-patterns should have 6 results ✓
codacy-rules-java should have 4 results ✓
gitlab-rules should have 2 results ✓
without-config-file should have 4 results ✓
ai should have 1 results ✓
suggestions should have 1 results ✓
with-config-file should have 4 results ✓
i18n should have 115 results ✓
exotic should have 2 results ✓
[Success] All tests passed!

Trivy (trivy fs --severity HIGH,CRITICAL .): HIGH/CRITICAL findings exist in transitive Go dependencies (golang.org/x/crypto/ssh, golang.org/x/net), but these are pre-existing and unrelated to this version bump — no Go dependencies were changed.
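The follow-up above describes the real failure mode of this PR: two files pin the tool version, and only one of them (the Dockerfile ARG) decides which binary ends up in the published image, so bumping .tool_version alone ships the old release while every other check still passes. The Go program below is an added example, not the project's code, of a CI gate that parses both pins and fails on drift. It assumes the .tool_version file holds a bare version on its first non-blank line and the Dockerfile carries an `ARG OPENGREP_VERSION=<value>` line, as quoted in the comment; the sample file contents, the download URL and the surrounding Dockerfile lines are constructed for illustration, since the real Dockerfile is not shown on the page.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Constructed sample inputs (illustrative only; not the repository's real files).
// The "stale" pair reproduces the state described in the follow-up comment:
// .tool_version already bumped, Dockerfile ARG still on the previous release.
const sampleToolVersion = "1.23.0\n"

const sampleDockerfileStale = `FROM golang:1.22 AS builder
# hypothetical download step; the real Dockerfile's layout is not shown on the page
ARG OPENGREP_VERSION=v1.21.0
RUN curl -fsSL "https://example.invalid/opengrep/${OPENGREP_VERSION}/opengrep" -o /usr/local/bin/opengrep
`

const sampleDockerfileAligned = `FROM golang:1.22 AS builder
ARG OPENGREP_VERSION=v1.23.0
RUN curl -fsSL "https://example.invalid/opengrep/${OPENGREP_VERSION}/opengrep" -o /usr/local/bin/opengrep
`

// argRe matches the build argument that selects the opengrep binary,
// with or without quotes around the default value.
var argRe = regexp.MustCompile(`^\s*ARG\s+OPENGREP_VERSION\s*=\s*"?([^"\s]+)"?\s*$`)

// normalize drops surrounding whitespace and an optional leading "v" so that
// "v1.23.0" (Dockerfile convention) and "1.23.0" (.tool_version) compare equal.
func normalize(v string) string {
	return strings.TrimPrefix(strings.TrimSpace(v), "v")
}

// toolVersionFrom returns the first non-blank, non-comment line of .tool_version.
func toolVersionFrom(contents string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(contents))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		return line, nil
	}
	return "", errors.New(".tool_version contains no version")
}

// dockerfileArgVersion returns the default of ARG OPENGREP_VERSION exactly as written.
func dockerfileArgVersion(contents string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(contents))
	for sc.Scan() {
		if m := argRe.FindStringSubmatch(sc.Text()); m != nil {
			return m[1], nil
		}
	}
	return "", errors.New("Dockerfile has no ARG OPENGREP_VERSION=<default> line")
}

// CheckPins returns nil when both files pin the same release and an error otherwise.
// A missing or malformed pin is also an error: passing silently would let the
// image ship whatever the ARG happens to default to.
func CheckPins(toolVersion, dockerfile string) error {
	want, err := toolVersionFrom(toolVersion)
	if err != nil {
		return err
	}
	got, err := dockerfileArgVersion(dockerfile)
	if err != nil {
		return err
	}
	if normalize(want) != normalize(got) {
		return fmt.Errorf("pin drift: .tool_version says %s but Dockerfile ARG OPENGREP_VERSION=%s", want, got)
	}
	return nil
}

// CheckRepo reads both files from a checkout; this is the CI entry point.
func CheckRepo(dir string) error {
	tv, err := os.ReadFile(filepath.Join(dir, ".tool_version"))
	if err != nil {
		return err
	}
	df, err := os.ReadFile(filepath.Join(dir, "Dockerfile"))
	if err != nil {
		return err
	}
	return CheckPins(string(tv), string(df))
}

func main() {
	if len(os.Args) > 1 { // go run . /path/to/checkout
		if err := CheckRepo(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		fmt.Println("pins agree")
		return
	}
	for _, s := range []struct{ name, df string }{{"stale", sampleDockerfileStale}, {"aligned", sampleDockerfileAligned}} {
		if err := CheckPins(sampleToolVersion, s.df); err != nil {
			fmt.Printf("%-8s FAIL: %v\n", s.name, err)
		} else {
			fmt.Printf("%-8s OK\n", s.name)
		}
	}
}
```

Run with no arguments to see the constructed stale pair fail and the aligned pair pass; run with a checkout path to gate a real PR. Treating an absent ARG default as a failure rather than a skip is deliberate: the point of the gate is that the image build must not be able to pick a version nobody pinned.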

@stefanvacareanu7 stefanvacareanu7 merged commit b16fb89 into main Jul 1, 2026
7 checks passed
