Using ChatGPT4 to write Semgrep .yaml rules is the fastest way we've ever had to add language/framework-agnostic linting rules.

The friction is so low that a new rule can be in place in less than 2 minutes, and that thing never needs to be discussed again.

So good.

An example is worth a thousand words, so here it is writing a #django rule to ban implicit ordering of querysets, i.e. defining the ordering on the model itself.

Written, tested and sent to CI within 60 seconds.
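The kind of rule described above, as an added example rather than the rule from the original post (the rule id, message, severity and path filter are my own choices):

```yaml
rules:
  - id: django-no-model-level-ordering
    languages: [python]
    severity: WARNING
    # Only scan Django model modules; adjust if models live elsewhere.
    paths:
      include:
        - "**/models.py"
    message: >
      Model `$MODEL` sets `Meta.ordering`, which adds an ORDER BY to every
      query on the model and is easy to forget about when reading call
      sites. Drop it and call .order_by() explicitly where order matters.
    patterns:
      # Only match inside a class body; '...' lets other members appear
      # around the nested Meta class.
      - pattern-inside: |
          class $MODEL(...):
              ...
      # Flag the nested Meta class that declares an ordering.
      - pattern: |
          class Meta:
              ...
              ordering = $ORDERING
    metadata:
      category: maintainability

# Semgrep test-file convention, shown here as a comment (assumed to live in
# django-no-model-level-ordering.py beside this rule; run with `semgrep --test`):
#
#   from django.db import models
#
#   class Article(models.Model):
#       created = models.DateTimeField()
#       # ruleid: django-no-model-level-ordering
#       class Meta:
#           ordering = ["-created"]
#
#   class Tag(models.Model):
#       name = models.CharField(max_length=50)
#       # ok: django-no-model-level-ordering
#       class Meta:
#           verbose_name = "tag"
```

The rule file does not carry the monitor/comment/block setting; that is assigned per rule in the Semgrep policy, so the same YAML can start in monitor mode and be promoted later.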

One great thing about Semgrep is that it differentiates between "monitor", "comment", and "block" modes.

So you can test rules without anyone seeing anything, or roll them out as comments only so they appear on PRs as a GitHub comment. Then only use "block" for ones you know are legit.