I want to run semgrep cli as step in my ci pipeline without internet access. So far I understand that i need to turn off metrics, version check and have the rules as yaml file. I got this to work by downloading a rule file, adding it to the mount and pointing to it in the --config parameter.
Is there an elegant way to download a ruleset from the website? Here somebody explained how to download them from a git repository, however it's still plenty of work to choose all the right rules and put them all in a single file.
I feel I am missing some obvious option here, where I can simply take the default rulesets and get it as a yaml file or I totally missunderstood the intended workflow. Is there a simpler way?