Skip to main content

Extensions

Several third-party tools include Semgrep extensions.

Official IDE extensions

Community-contributed IDE extensions

The LSP Command

All of our official extensions use the Language Server Protocol to communicate with Semgrep. This allows us to focus on one codebase that can be shared across most modern editor platforms. To implement a custom extension, one can wrap semgrep lsp to start the Semgrep Language Server, which will communicate over stdio. Alternatively, this protocol is a great way to integrate Semgrep into a project, as it can perform incremental scans, and caches various computations to hugely increase performance. Please let us know on our community Slack linked below if you do, we'd be more than happy to help in anyway.

Pre-commit

The pre-commit framework can run semgrep at commit-time. Install pre-commit and add the following to .pre-commit-config.yaml

repos:
- repo: https://github.com/semgrep/semgrep
  rev: 'v1.70.0'
  hooks:
    - id: semgrep
      # See https://semgrep.dev/explore to select a ruleset and copy its URL
      args: ['--config', '<SEMGREP_RULESET_URL>', '--error', '--skip-unknown-extensions']

The pre-commit can also run custom rules and rulesets from Semgrep Code, similar to running semgrep ci using the following configuration:

repos:
- repo: https://github.com/semgrep/semgrep
  rev: 'v1.70.0'
  hooks:
    - id:  semgrep-ci

Run with Semgrep Pro rules

If you would like to run the pre-commit hook locally while using Semgrep Pro rules:

  1. Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed:

    semgrep login

  2. In the Semgrep CLI login, click Activate to proceed.

Version management

Semgrep as an engine

Many other tools have functionality powered by Semgrep. Add yours with a pull request!

Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.