Sign in to Semgrep
Signing in to the Semgrep AppSec Platform web app enables you to:
- View and triage your findings in bulk.
- Use your organization's custom Semgrep rules and configurations when you perform local scans with Semgrep. This ensures that everyone in the organization uses the same rules and analyses.
Not all organizations require their developers to create a Semgrep account. You can resolve or triage (ignore) findings in pull or merge request comments, even without a Semgrep account, by replying to the comment. See Resolve findings in your pull or merge request.
Semgrep in multiple environments
If you have not yet created a Semgrep account, it is recommended to first sign in to the Semgrep web app. This process creates a personal account, which you can then use to join your organization's Semgrep account. This lets you use your organization's Semgrep configuration, such as custom rules and scan parameters.
If you use Semgrep in your CLI or IDE, you must sign in from those environments as well. It is recommended to sign in from these interfaces after you have signed in to your organization account in the web app.
Prerequisites
- Confirm with your security team that there is an existing organization account for you to join.
- For CLI and IDE scans, see Prerequisites > Command line tool to ensure that your machine meets Semgrep's requirements.
Sign in to the web app
In a typical Semgrep deployment, your company creates an org that you can sign in to and join using your GitHub, GitLab, or SSO credentials. Your organization will let you know through a notice or announcement once you can sign in.
To join an existing org with your GitHub or GitLab account:
- Sign in to Semgrep AppSec Platform with the account credentials specified by your admin.
- Follow the on-screen prompts to grant Semgrep the needed permissions and proceed. This creates your personal Semgrep account.
- Click Join an existing organization.
- Click your organization's name. The web app signs you in to your organization's Semgrep account. You can verify this by viewing the account name in the navigation menu.
To join an existing org through your SSO provider:
- Sign in to Semgrep AppSec Platform with the account credentials specified by your admin.
- You are automatically signed in to all organizations that your admin has set up for you.
After signing in to your org's account, you can sign in and scan with Semgrep from other environments, such as your CLI or IDE.
Set up Semgrep in the CLI
Install the Semgrep CLI tool
- Homebrew users: Ensure that you've added Homebrew to your PATH.
- WSL users: Ensure that you have the Windows Subsystem for Linux installed before proceeding.
Install the Semgrep CLI tool and confirm the installation:
# macOS users only
brew install semgrep
# macOS, Linux, or Windows Subsystem for Linux (WSL) users
python3 -m pip install semgrep
# confirm
semgrep --version
Sign in to Semgrep from the CLI
To sign in to Semgrep:
- Ensure that you are signed in to your org account in the Semgrep web app.
- Enter the following command in your CLI:
semgrep login
- Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed.
- In the Semgrep CLI login dialog, click Activate to proceed.
You are now ready to run local scans with your org's Semgrep configuration.