semgrep / semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Home Page: https://semgrep.dev


[Feature] Sort rules by metadata, e.g. confidence, impact, likelihood, technology

aabashkin opened this issue · comments

Is your feature request related to a problem? Please describe.
I am trying to progressively phase in semgrep in my organization. The issue I'm running into is familiar to anybody that uses SAST tools of any sort; the number of initial results can be overwhelming. Thus, I would like to limit the number of rules that I run initially and gradually add to that baseline over time.

Describe the solution you'd like
I would like a feature where I can select which rules to run based off of metadata filters. Such as confidence=high, impact=high, likelihood=high, technology=java. I would like the ability to combine these filters with AND and OR logic.

Describe alternatives you've considered
Right now I am cloning the semgrep-rules repo, grepping for a particular string or set of strings, copying files that match into a separate folder, then running all the rules in the folder.

Use case
This feature will enable me to progressively phase in the use of semgrep without overloading engineers and improve the effectiveness of this great tool.

Additional context
N/A
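The workaround described above (select rule files by metadata, then run only those) can be done over the parsed rule YAML instead of by grepping. This is an added example, not code from semgrep or from the issue author; it assumes rule files have already been loaded with PyYAML into dicts (the sample rules below are constructed) and uses a small `k=v and k=v or k=v` query syntax of my own for the requested AND/OR combination.

```python
import json

# Constructed sample rules, shaped like semgrep-rules files after yaml.safe_load().
# Real files would be loaded with PyYAML from a clone of the semgrep-rules repo.
RULE_FILES = {
    "java/jdbc-sqli.yaml": {"rules": [{"id": "java.jdbc.sqli", "metadata": {
        "confidence": "HIGH", "impact": "HIGH", "likelihood": "MEDIUM",
        "technology": ["java", "jdbc"]}}]},
    "java/log4j.yaml": {"rules": [{"id": "java.log4j.rce", "metadata": {
        "confidence": "MEDIUM", "impact": "HIGH", "likelihood": "HIGH",
        "technology": ["java", "log4j"]}}]},
    "python/weak-hash.yaml": {"rules": [{"id": "python.md5", "metadata": {
        "confidence": "HIGH", "impact": "LOW", "likelihood": "LOW",
        "technology": "python"}}]},  # scalar, not list: both shapes occur
}

def _values(meta: dict, key: str) -> set:
    """Lower-cased metadata values for key; list-valued keys (technology) become a set."""
    v = meta.get(key)
    items = v if isinstance(v, list) else [] if v is None else [v]
    return {str(i).lower() for i in items}

def parse_query(query: str) -> list:
    """'k=v and k=v or k=v' -> DNF: a list of AND-groups that are OR-ed together."""
    groups = []
    for clause in query.lower().split(" or "):
        terms = []
        for term in clause.split(" and "):
            key, _, value = term.strip().partition("=")
            if not key or not value:
                raise ValueError(f"bad filter term: {term!r}")
            terms.append((key, value))
        groups.append(terms)
    return groups

def rule_matches(rule: dict, dnf: list) -> bool:
    """A rule matches if every term of at least one AND-group is satisfied."""
    meta = rule.get("metadata") or {}
    return any(all(val in _values(meta, key) for key, val in group) for group in dnf)

def select_rules(rule_files: dict, query: str) -> dict:
    """Matching rules per file; rules with no metadata never match (nothing to filter on)."""
    dnf = parse_query(query)
    hits = {p: [r for r in d.get("rules", []) if rule_matches(r, dnf)] for p, d in rule_files.items()}
    return {p: rs for p, rs in hits.items() if rs}

def write_ruleset(selected: dict, path: str) -> None:
    """Write the selected rules as one ruleset for `semgrep --config <path>`; JSON is valid YAML."""
    with open(path, "w") as f:
        json.dump({"rules": [r for rs in selected.values() for r in rs]}, f, indent=2)
```

Matching on the parsed `metadata` block rather than grepping the file avoids picking up rules where a string such as `java` only appears in the message or pattern text.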

hey @aabashkin! Thanks for the writeup. This functionality already exists on semgrep.dev and the UI there is a lot better for managing these rule policies, so we're unlikely to invest in adding more filters into the CLI. This could change in the future, but I'm going to close this feature request for now.