feat(catalog): add opengrep (fully-OSS Semgrep fork)

[CybotTM]

Summary

• Adds catalog/opengrep.json — installs the statically-linked opengrep binary from GitHub releases (v1.19.0 latest) via the existing github_release_binary installer; auto-update enabled.
• Keeps semgrep in the catalog alongside — both tools coexist so users can choose based on license/feature needs.
• Refreshes upstream_versions.json baseline (+1 entry) and bumps COVERAGE.md tool count 55 → 56.

Why both? Opengrep is an LGPL-2.1 fork of Semgrep, created after Semgrep relicensed the Community rule registry to CC-BY-NC-SA. CLI-compatible (same rules, same .semgrepignore, same nosemgrep: comments), fully-OSS engine, no Pro/account gating. See the companion PR in security-audit-skill for audit guidance.

Test plan

• bash scripts/installers/github_release_binary.sh opengrep → installs to ~/.local/bin/opengrep, reports 1.19.0
• opengrep --version → 1.19.0 ✅
• uv run python audit.py opengrep → ✅ UP-TO-DATE with proper upstream link
• uv run pytest -x -q → 546 passed, 1 skipped
• uv run pre-commit run --files catalog/opengrep.json catalog/COVERAGE.md upstream_versions.json → all passing

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.87%. Comparing base (407bb9b) to head (5ccd1dd).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #77   +/-   ##
=======================================
  Coverage   66.87%   66.87%           
=======================================
  Files          21       21           
  Lines        3230     3230           
=======================================
  Hits         2160     2160           
  Misses       1070     1070           

Flag	Coverage Δ
unittests	66.87% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request adds opengrep to the tool catalog, including its configuration file, upstream version tracking, and documentation updates. The review feedback identifies consistency issues in the coverage documentation where summary counts were not fully updated and suggests maintaining alphabetical order for the new entry in the upstream versions file.

[Copilot]

Pull request overview

Adds opengrep as a new installable tool in the catalog (alongside semgrep), and updates the repository’s tracking/coverage metadata accordingly.

Changes:

• Add catalog/opengrep.json to install opengrep via the existing github_release_binary installer (auto-update enabled).
• Add an opengrep entry to upstream_versions.json for upstream version tracking.
• Update catalog/COVERAGE.md tool count and list to include opengrep.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
upstream_versions.json	Adds opengrep to the upstream baseline version registry.
catalog/opengrep.json	New catalog definition for installing the opengrep binary from GitHub releases.
catalog/COVERAGE.md	Increments catalog tool count and inserts opengrep into the listed tools.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.