feat(opengrep): disabled while troubleshooting

.ash/.ash.yaml

@@ -40,41 +40,41 @@ reporters:
     enabled: false
   yaml:
     enabled: false
-scanners:
-  bandit:
-    enabled: true
-    options:
-      confidence_level: all
-      ignore_nosec: false
-      config_file: .ash/bandit.yaml
-  cdk-nag:
-    enabled: true
-    options:
-      nag_packs:
-        AwsSolutionsChecks: true
-        HIPAASecurityChecks: true
-        NIST80053R4Checks: true
-        NIST80053R5Checks: true
-        PCIDSS321Checks: true
-  cfn-nag:
-    enabled: true
-  checkov:
-    enabled: true
-    options:
-      frameworks:
-        - all
-      additional_formats:
-        - cyclonedx_json
-      skip_path: []
-  detect-secrets:
-    enabled: true
-  npm-audit:
-    enabled: true
-  grype:
-    enabled: true
-  opengrep:
-    enabled: true
-  semgrep:
-    enabled: false
-  syft:
-    enabled: true
+# scanners:
+#   bandit:
+#     enabled: true
+#     options:
+#       confidence_level: all
+#       ignore_nosec: false
+#       config_file: .ash/bandit.yaml
+#   cdk-nag:
+#     enabled: true
+#     options:
+#       nag_packs:
+#         AwsSolutionsChecks: true
+#         HIPAASecurityChecks: true
+#         NIST80053R4Checks: true
+#         NIST80053R5Checks: true
+#         PCIDSS321Checks: true
+#   cfn-nag:
+#     enabled: true
+#   checkov:
+#     enabled: true
+#     options:
+#       frameworks:
+#         - all
+#       additional_formats:
+#         - cyclonedx_json
+#       skip_path: []
+#   detect-secrets:
+#     enabled: true
+#   npm-audit:
+#     enabled: true
+#   grype:
+#     enabled: true
+#   opengrep:
+#     enabled: true
+#   semgrep:
+#     enabled: false
+#   syft:
+#     enabled: true

.pre-commit-config.yaml

@@ -43,7 +43,7 @@ repos:
           - --output-dir=.ash/ash_output_precommit_local
           - --no-cleanup
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: 047e88927909b3c353b4a29bbb743bdda740c237 # pragma: allowlist secret
+    rev: 341a4ddb61088d61a8b3792100f50f4866997fcd # pragma: allowlist secret
     hooks:
       - id: ash-simple-scan
         args:

automated_security_helper/core/metrics_table.py

@@ -56,7 +56,7 @@ def generate_metrics_table(
         Table: Rich table with scanner metrics
     """
     # Create a table
-    table = Table(title="ASH Scan Results Summary", expand=True)
+    table = Table(title="ASH Scan Results Summary", expand=False)
 
     # Determine if we should use shortened headers based on terminal width
     use_short_headers = False
@@ -476,7 +476,10 @@ def display_metrics_table(
             "- [bold]*Example*[/bold]: With MEDIUM threshold, findings of MEDIUM, HIGH, or CRITICAL severity will cause a failure"
         )
         help_panel = Panel(
-            help_text, title="Results Guide", border_style="blue", expand=True
+            help_text,
+            title="Results Guide",
+            border_style="blue",
+            expand=False,
         )
 
         # Print everything with some spacing

automated_security_helper/scanners/ash_default/opengrep_scanner.py

@@ -15,7 +15,6 @@
     IgnorePathWithReason,
     ToolExtraArg,
 )
-from automated_security_helper.plugins.decorators import ash_scanner_plugin
 from automated_security_helper.base.scanner_plugin import (
     ScannerPluginBase,
 )
@@ -95,13 +94,14 @@ class OpengrepScannerConfigOptions(ScannerOptionsBase):
 
 class OpengrepScannerConfig(ScannerPluginConfigBase):
     name: Literal["opengrep"] = "opengrep"
-    enabled: bool = True
+    enabled: bool = False
     options: Annotated[
         OpengrepScannerConfigOptions, Field(description="Configure Opengrep scanner")
     ] = OpengrepScannerConfigOptions()
 
 
-@ash_scanner_plugin
+### Currently troubleshooting this plugin - @scrthq - 2025-05-07
+# @ash_scanner_plugin
 class OpengrepScanner(ScannerPluginBase[OpengrepScannerConfig]):
     """OpengrepScanner implements code scanning using Opengrep."""
 

automated_security_helper/schemas/AshAggregatedResults.json

@@ -1572,7 +1572,7 @@
               }
             },
             "opengrep": {
-              "enabled": true,
+              "enabled": false,
               "name": "opengrep",
               "options": {
                 "config": "auto",
@@ -3212,8 +3212,8 @@
           "default": null,
           "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
           "examples": [
             "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
             "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
           ],
           "title": "OmniBOR Artifact Identifier (gitoid)"
         },
@@ -3345,7 +3345,7 @@
           "default": null,
           "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
           "examples": [
             "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"
           ],
           "title": "Software Heritage Identifier"
         },
@@ -10474,7 +10474,7 @@
       "additionalProperties": true,
       "properties": {
         "enabled": {
-          "default": true,
+          "default": false,
           "title": "Enabled",
           "type": "boolean"
         },
@@ -15079,7 +15079,7 @@
         "opengrep": {
           "$ref": "#/$defs/OpengrepScannerConfig",
           "default": {
-            "enabled": true,
+            "enabled": false,
             "name": "opengrep",
             "options": {
               "config": "auto",

automated_security_helper/schemas/AshConfig.json

@@ -334,7 +334,7 @@
               }
             },
             "opengrep": {
-              "enabled": true,
+              "enabled": false,
               "name": "opengrep",
               "options": {
                 "config": "auto",
@@ -1723,7 +1723,7 @@
       "additionalProperties": true,
       "properties": {
         "enabled": {
-          "default": true,
+          "default": false,
           "title": "Enabled",
           "type": "boolean"
         },
@@ -2306,7 +2306,7 @@
         "opengrep": {
           "$ref": "#/$defs/OpengrepScannerConfig",
           "default": {
-            "enabled": true,
+            "enabled": false,
             "name": "opengrep",
             "options": {
               "config": "auto",