
Revert "Add Semgrep to CI"#8477

Merged
auvipy merged 1 commit into main from revert-8201-semgrep
Sep 3, 2023

Conversation

@auvipy
Member

@auvipy auvipy commented Sep 3, 2023

Reverts #8201

This was not doing anything. And we already have other tools enabled

Member Author

@auvipy auvipy left a comment


removing as not useful

@auvipy auvipy added this to the 5.3.x milestone Sep 3, 2023
@auvipy auvipy merged commit a683b36 into main Sep 3, 2023
@auvipy auvipy deleted the revert-8201-semgrep branch September 3, 2023 06:02
@Nusnus
Member

Nusnus commented Sep 3, 2023

Please undo this change @auvipy.
It is very useful and in use.

@Nusnus
Member

Nusnus commented Sep 3, 2023

Please do not remove infra stuff without making sure it's not used, and as it was me who added it, I was expecting a review request before merge.

You have now broken my regular security checks.
Revert this revert @auvipy please.

P.S.
This was added on the instructions of @thedrow; it's not to be removed without discussion and his approval first.

auvipy added a commit that referenced this pull request Sep 3, 2023
Nusnus pushed a commit that referenced this pull request Sep 3, 2023
@auvipy
Member Author

auvipy commented Sep 3, 2023

They reached me first and I refused their request. But later I saw you added this without letting me know or even discussing with me first. Always inform me first before taking any important decision regarding the project. You must have raised a discussion first in the forum before adding anything like this.

@Nusnus
Member

Nusnus commented Sep 3, 2023

They reached me first and I refused their request. But later I saw you added this without letting me know or even discussing with me first. Always inform me first before taking any important decision regarding the project. You must have raised a discussion first in the forum before adding anything like this.

This is not correct @auvipy. I did inform in the core-developer discussion before it was archived, you just didn't see it:

{
    "discussion_post": {
      "body": "Hey everyone,\r\n\r\nI have some exciting news to share about [Semgrep](https://go.semgrep.dev/home) support for CI scanning!\r\nRecently, @thedrow and I were contacted privately by Semgrep regarding licensing for automatic CI scanning for Celery. We've successfully implemented the CI scan for Celery and Kombu, and added a badge to the README to reflect this change.\r\n\r\nJust a heads up, as part of this update, I'll be regularly checking for security findings discovered by Semgrep to ensure the continued security of our codebase.\r\n\r\nFYI",
      "created_at": "2023-04-14T15:35:34.000+03:00",
      "title": "Semgrep Support for CI Scanning",
      "user": {
        "login": "Nusnus"
      },
      "replies": [

      ]
    }
  }

https://github.com/orgs/celery/teams/core-developers/members/archived_team_posts.json

Second, I took @thedrow's word as enough, as I should, because I also notified the core team and there were no objections from anyone.

@Nusnus
Member

Nusnus commented Sep 3, 2023

In my previous message there I tagged you personally @auvipy and you also didn't respond:

{
    "discussion_post": {
      "body": "Hello everyone,\r\n\r\nMy name is Tomer, and I'm excited to join the Celery community as a core developer. I'm a good friend of @thedrow, who invited me to collaborate on the development of Celery with him. I've been keeping an eye on the discussions here and wanted to take a moment to introduce myself.\r\n\r\nMy background in software development goes back around 15 years, starting with C/C++ and transitioning to Python in the last 7 years or so. I have diverse experience in areas such as low-level information security, SaaS development, DevOps, and automation. Additionally, I have significant expertise in testing infrastructures and QA engineering in general.\r\n\r\nAs for my current activities, I've been assigned by @thedrow to own and develop the `pytest-celery` plugin, which I'm diligently working on. I'm also addressing QA-related issues for the upcoming release of Celery 5.3, with guidance from @thedrow and collaborating with @auvipy. In addition, I'm committed to improving the current QA standards of Celery and maintaining high QA standards in the future. Furthermore, I plan to contribute to the community and be responsive to new issues, while also working towards enhancing Celery with new features in the future.\r\n\r\nI'm looking forward to making a positive impact on the Celery community and collaborating with all of you!\r\n\r\nTomer Nosrati",
      "created_at": "2023-04-14T14:10:28.000+03:00",
      "title": "Hey there 👋",
      "user": {
        "login": "Nusnus"
      },
      "replies": [

      ]
    }
  },

@Nusnus
Member

Nusnus commented Sep 3, 2023

The bottom line is that we need to act as a team and not override/remove each other's effort without confirming (like we did correctly with the changerelease workflow removal recently). I try to keep you @auvipy and @thedrow informed and also try to make sure I see your own pings/notifications for me. Some may be lost, like the Semgrep notice you didn't see, but I try to avoid repeating my mistakes, and you already asked me once to notify you of big changes, so I do.

We are not here to compete, we are here to contribute.
No harm is done - let's focus though on avoiding misunderstandings in the future.

@auvipy
Member Author

auvipy commented Sep 3, 2023

I might not have been clear with my message. I meant to say it was actually not working, so it didn't feel important; also the CI was showing that it is actually not doing anything. It is not to undo any team member's effort or anything like that. I didn't see that because most probably it was archived automatically before I noticed.
