we are using semgrep to validate our C# in CI - the calling of it is managed by the larger enterprise and we have no control over it - or adding command line parameters etc.
There's a rule we very much don't agree with. We can embed a comment in the code to ignore the rule every time it comes up - and that works - but is onerous. We can ignore a whole file by putting the name in .semgrepignore and that works.
What we'd like to do is put a rule in something like an ignore file and ignore that rule everywhere in the project. Is that possible?
There are 5 options here:
Note: Semgrep Community Slack is very active with questions like this.