Description
Is your feature request related to a problem? Please describe.
Unable to run opengrep --validate in a restricted CI environment because it requires an external network call to https://semgrep.dev/p/semgrep-rule-lints
Describe the solution you'd like
I would like the option to be able to load semgrep-rule-lints from a local directory similar to how you can do with --config so it doesn't make an external network call
Describe alternatives you've considered
Manual validation (this does not scale, hence the CI automation need)
Implementing a custom tool/script to perform rule validation (Keeping this within Opengrep itself would be preferred)
Use case
What will this feature enable for you?
Allow validation of semgrep rules in a restricted CI environment that doesn't allow external network calls for security reasons
Additional context
- https://semgrep.dev/docs/writing-rules/testing-rules#validating-rules
- There are quite a few issues requesting this feature on the semgrep project. Discussions on the current open issue (Semgrep tries to pull registry when --validate is on, semgrep/semgrep#4620) seem to either not prioritize it or be opposed to it. Restricted CI environments are pretty common, so it would be great to see this supported.