Running rules

Existing and custom Semgrep rules can be run locally via the CLI or continuously in CI. See Getting started for their respective installation and setup.

Running rules
Run registry rules
Run local rules
Managing findings

Run registry rules

Explore the Semgrep Registry and run rules and rulesets via:

# Run a ruleset with rules for many languages using --config
$ semgrep --config=<ruleset-id> path/to/src
$ semgrep --config p/r2c-ci path/to/src

Rulesets can be added to Semgrep CI scans using their "Add to Policy" button on Semgrep Community and Semgrep Team.

Run local rules

Info

See Writing rules > Getting started to learn how to write rules.

Local rules can be ephemeral using the -e or --pattern flag or run from YAML rule files conforming to the Rule syntax schema.

# Check for Python == where the left and right hand sides are the same (often a bug)
$ semgrep -e '$X == $X' --lang=py path/to/src

# Run local YAML rule files
$ semgrep --config path/to/yaml

Managing findings

See Ignoring Findings for details on how to supress rule output.