Beyond core deployment
Now that you've finished your Semgrep core deployment, you can either customize Semgrep's scan behavior or continue to enable additional deployment features. The following sections list common tasks after you've finished your core deployment.
Customize Semgrep scans or triage workflow
| Concern | Guide |
|---|---|
| Semgrep Code scans irrelevant files. | Ignore files, folders, or code. |
| Semgrep Code is too noisy. | Enable Semgrep Pro Engine or remove rules and rulesets through the Policies page. |
| I want my developers to see certain security issues in their pull or merge requests. | Configure Comment mode in the Policies page. |
| I want to prevent developers from using dependencies with certain licenses. | Set up license compliance. |
| I want to receive AI assistance when I triage findings. | Enable Semgrep Assistant. |
| I want to enforce my organization's coding standards. | Write a custom rule and add it to your Policies page. |
Enable additional deployment features
| Concern | Guide |
|---|---|
| I want to receive notifications in my environment. | Set up notifications. |
| I want my developers to use Semgrep on their IDE. | Install and set up available IDE extensions. |
| I'm scanning too many projects (repositories onboarded to Semgrep) and want to group them somehow. | Tag your projects. |
| I'd like to manage access to the resources that developers can view or change in Semgrep AppSec Platform. | Configure roles and users. |