Semgrep allows for ignoring findings in code by specifying a nosemgrep comment on the first line of a finding. Comments take the form of nosemgrep: <rule-id>. This functionality works across languages. Previously this was implemented with the comment nosem, and lines with these comments will continue to be ignored.
A nosemgrep comment ignores all Semgrep findings for the line on which it appears. A nosemgrep comment specifying a specific rule ID only ignores the specified rule. Multiple rules can be ignored using a comma-delimited list.
bad_func(); // nosemgrep
bad_func(); // nosemgrep: rule-id-1
bad_func(); // nosemgrep: rule-id-1, rule-id-2
bad_func( // nosemgrep: rule-id-1
For example, in Python:
bad_func() # nosemgrep: rule-id-1
The space before nosemgrep (as in # nosemgrep) is required for Semgrep to detect this annotation.
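As an added example (not Semgrep's own implementation), the following Python approximates the annotation semantics described above: nosemgrep alone ignores every rule on its line, nosemgrep: a, b ignores only the listed rules, the legacy nosem is honored, a missing space is not recognised, and only a finding's first line is consulted. It does not check that the text sits inside a comment, and the sample source and findings are constructed.

```python
import re
from typing import Optional, Set

# Approximation of the syntax described above, not Semgrep's own matcher:
# a leading space, "nosemgrep" or legacy "nosem", optionally ": id1, id2".
# The space is part of the pattern, so "#nosemgrep" is not recognised.
NOSEM_RE = re.compile(
    r" nosem(?:grep)?"
    r"(?:(?::\s*(?P<ids>[^,\s]+(?:\s*,\s*[^,\s]+)*))|(?=\s|$))"
)


def suppressed_rules(line: str) -> Optional[Set[str]]:
    """None: no annotation. Empty set: every rule is ignored on this line.
    Otherwise the rule IDs named in the comma-delimited list."""
    match = NOSEM_RE.search(line)
    if match is None:
        return None
    ids = match.group("ids")
    return set() if ids is None else {r.strip() for r in ids.split(",")}


def is_suppressed(line: str, rule_id: str) -> bool:
    rules = suppressed_rules(line)
    return rules is not None and (not rules or rule_id in rules)


def apply_nosemgrep(source: str, findings):
    """Split (first_line_number, rule_id) findings into (kept, ignored).
    Line numbers are 1-based; only a finding's first line is consulted."""
    lines = source.splitlines()
    kept, ignored = [], []
    for line_no, rule_id in findings:
        text = lines[line_no - 1] if 0 < line_no <= len(lines) else ""
        (ignored if is_suppressed(text, rule_id) else kept).append((line_no, rule_id))
    return kept, ignored


# Constructed sample: one or two findings per line, 1-based line numbers.
SAMPLE_SOURCE = """\
bad_func()  # nosemgrep
bad_func()  # nosemgrep: rule-id-1
bad_func()  # nosemgrep: rule-id-1, rule-id-2
bad_func()  # nosem
bad_func()  #nosemgrep
bad_func(   # nosemgrep: rule-id-1
    arg)
"""
SAMPLE_FINDINGS = [(1, "rule-id-1"), (2, "rule-id-1"), (2, "rule-id-2"),
                   (3, "rule-id-2"), (4, "rule-id-1"), (5, "rule-id-1"),
                   (6, "rule-id-1")]
```

Reviewing the ignored list from apply_nosemgrep is a cheap way to audit whether bare nosemgrep comments are silencing rules that were never meant to be suppressed.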
Semgrep will respect the presence of a .gitignore in the project and will not scan any paths present in that file. This behavior can be disabled by using the flag
Semgrep CI users can also use a
If you're directly running the Semgrep command line tool, use the --exclude <pattern> flag.