Announcing Semgrep's experimental support of Swift

Try your hand at writing Semgrep rules for Swift

Nat Mote
September 6th, 2022

One of Semgrep’s design principles is to make static analysis possible for every programming language. As we continue to add support for languages, we’re pleased to announce that Swift has now reached experimental status in Semgrep! Semgrep’s parse rate for Swift is at 94%, well above the 90% bar for experimental status, and the basic Semgrep features (the ellipsis operator ... and metavariables) work correctly.

In large part, this is thanks to Alex Pinkus’ excellent work on the Swift Tree-sitter grammar. We use this to parse Swift code before converting it to our generic AST which we can then analyze. If we had been starting from scratch, it would have been much more difficult to reach this point!

Currently, there are no Swift rules in the registry, but see below for an example of something that Semgrep can now scan for.

Until Swift rules are added to the registry, you must write custom rules to get findings. However, setting the following up now will position you to get findings as soon as new rules are published.
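As an added example of the kind of custom rule described above (written for this page, not a rule from the Semgrep registry or the original post), here is a Swift rule that combines metavariables with a metavariable-regex filter to flag credential-looking values written to UserDefaults. The rule id, message and key regex are my own choices, and the rule assumes the experimental Swift grammar parses these labelled method calls as shown.

```yaml
# Constructed example rule (not from the Semgrep registry).
# Matches:        UserDefaults.standard.set(token, forKey: "authToken")
# Does not match: UserDefaults.standard.set(true, forKey: "onboardingDone")
rules:
  - id: swift-userdefaults-stores-credential
    languages: [swift]
    severity: WARNING
    message: >-
      A value is written to UserDefaults under a credential-like key ($KEY).
      UserDefaults is a plain property list on disk and is included in device
      backups; store secrets in the Keychain instead.
    patterns:
      # Capture the stored value and the key as metavariables for either
      # of the two common setter spellings.
      - pattern-either:
          - pattern: UserDefaults.standard.set($VALUE, forKey: $KEY)
          - pattern: UserDefaults.standard.setValue($VALUE, forKey: $KEY)
      # Only report keys whose source text (string literal or identifier)
      # suggests a secret; the regex runs over the captured $KEY text.
      - metavariable-regex:
          metavariable: $KEY
          regex: (?i).*(password|passwd|secret|token|apikey|api_key).*
```

Save it as a .yaml file and run semgrep --config=path/to/rule.yaml on a Swift tree to try it; the message interpolates the offending key so the finding is self-explanatory.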

To scan your Swift code:

  • Using Semgrep App, add a GitHub or GitLab project and have Semgrep scan your codebase every time a PR or MR is created!

  • On the command line, upgrade to Semgrep v0.111.0 or higher (often using brew upgrade semgrep or pip install --upgrade semgrep) and scan your Swift code with semgrep --config=auto .

If you want to contribute Swift rules or file bugs, please check out the documentation.

If you have any questions, feel free to reach out to us in the community Slack. We're happy to answer any questions you might have.

About

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.