๐๏ธ Running Semgrep using templates in Azure Pipelines
Running Semgrep commands in Azure Pipelines templates.
๐๏ธ Triggering events from Bitbucket to Jenkins
How to trigger events from the Bitbucket server to a Jenkins instance
๐๏ธ Set up Jenkins pipeline projects for Bitbucket repositories
Set up Jenkins pipeline projects for Bitbucket repositories.
๐๏ธ Semgrep in CI vs CLI: align your SAST scan results and understand differences
How to align your scan results between CI and CLI and understand differences in behavior.
๐๏ธ Collecting Semgrep GitHub Actions logs from GitHub
Collect logs from GitHub Actions to troubleshoot Semgrep CI scans.
๐๏ธ GitLab "Job's log exceeded limit" error
Collect verbose logs from GitLab to troubleshoot Semgrep CI scans.
๐๏ธ Failed to run a git command during a pull or merge request scan
When running Semgrep in CI with a pull or merge request as the triggering event, Semgrep runs some additional git commands to determine the behavior for the scan. The scan exits with an error if these commands fail. A message like the following shows in the output:
๐๏ธ Use GitHub repository rulesets to implement Semgrep
Set up GitHub required workflows to efficiently implement Semgrep scans across many repositories.
๐๏ธ Set up reusable GitHub workflows for Semgrep scans
Learn how to set up reusable GitHub workflows for Semgrep scans.
๐๏ธ Why aren't findings populating in the GitHub Advanced Security Dashboard after running Semgrep in CI?
To prevent "resource not accessible by integration" error when running job to upload findings to GitHub's Advanced Security Dashboard
๐๏ธ Jenkins shared library with Semgrep scans
Setting up Jenkins shared library with Semgrep scans
๐๏ธ Receive Semgrep MR comments through a GitLab runner
Set additional environment variables to receive Semgrep MR comments through a GitLab runner.
๐๏ธ Scanning a monorepo in parts
How to scan a monorepo in parts for better CI performance and clearer findings organization
๐๏ธ Why are duplicate findings appearing after running Semgrep in CI?
To prevent duplicated findings, perform full scans only on the main branch of your repository.