[PLUTO-1411] Add trivy/semgrep

Author: zhamborova

plugins/tools/semgrep/test/src/.codacy/tools-configs/semgrep.yml

@@ -0,0 +1,28 @@
+rules:
+  - id: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true
+    pattern: |
+      subprocess.run(..., shell=True)
+    message: "Unsafe command execution with shell=True"
+    severity: WARNING
+    languages: [python]
+
+  - id: python.lang.security.audit.hardcoded-password.hardcoded-password
+    pattern: |
+      $PASSWORD = "..."
+    message: "Hardcoded password detected"
+    severity: WARNING
+    languages: [python]
+
+  - id: python.lang.security.audit.pickle.avoid-pickle
+    pattern: |
+      pickle.loads(...)
+    message: "Unsafe deserialization with pickle"
+    severity: WARNING
+    languages: [python]
+
+  - id: python.lang.security.audit.os-system.os-system
+    pattern: |
+      os.system(...)
+    message: "Unsafe command execution with os.system"
+    severity: WARNING
+    languages: [python]