
Integrating Semgrep App with third-party tools

Semgrep App provides third-party integrations that let you send data from Semgrep to other tools that are part of your workflows.

Currently, Semgrep App integrates with the following tools:

Tool       Tier availability
Slack      Community (Free)
Email      Community (Free)
Jira       Team/Enterprise
Webhook    Team/Enterprise

Finding available integrations

To find available integrations for Semgrep App, follow these steps:

  1. Sign in to your Semgrep App account.
  2. Click Settings.
  3. Click Integrations.
  4. Click Add Integration (or Setup First Integration if this is your first integration).

Managing integrations

To view, add, remove, disable, or enable your saved integration channels:

  1. On the Settings > Integrations page, explore the options available for a specific integration.
  2. In the Rule board, click the gear icon to enable or disable an integration.

Integrating various third-party tools

This section describes how to integrate Semgrep App into particular third-party tools.

Slack

Slack integration allows Semgrep to send findings and notifications to a channel on your Slack workspace. To enable and integrate Slack notifications, follow these steps:

  1. Log in to your Semgrep App account, and then go to Settings > Integrations.
  2. On the Integrations page click Add Integration (or Setup First Integration if this is your first integration), and then select Slack.
  3. Click Allow.
  4. Open your Slack workspace and click the Add apps button.
    Note: For more information about Slack apps, see Slack documentation.
  5. Search for Semgrep, and then click on the underlined Semgrep link.
  6. In your Slack workspace, find or create a specific channel for Semgrep notifications.
  7. In the selected Slack channel, use the following slash command:
    /semgrep_subscribe
  8. Choose an organization in the list under Select target organization, and then click Subscribe.
  9. Go to the Semgrep Integrations page and find your Slack integration menu.
  10. Click List of channels receiving Semgrep notifications, and then click Test.

To see more slash commands for the Semgrep integration, go to your Slack app homepage, and then click Features. The available commands are the following:

  • List all the organization slugs authorized to use the Semgrep Slack app on the current workspace:

    /semgrep_orgs
  • List all the channel configs currently subscribed to Semgrep notifications:

    /semgrep_show_configs
  • Subscribe to findings with Semgrep:

    /semgrep_subscribe

A sample Slack message with Semgrep findings:

[Screenshot: Slack notification describing the details of a finding]


Additional resources

See also

Notifications -> Slack

Email

With email integration, you can receive Semgrep findings at an email address of your choice.

To set up email integration:

  1. In Integrations, click Add Integration.
  2. Click on Email.
  3. Enter a Name for the integration.
  4. Enter the Email address that will receive Semgrep findings.
  5. Click Save.
  6. Turn notifications on by going to the Rule board, clicking the gear icon, and then clicking the toggle next to the name of the integration.

Here is a sample of an email sent from Semgrep with findings:

[Screenshot: Semgrep email with findings]

See also

Notifications -> Email

Jira

Jira integration is a feature available in Semgrep's Team tier and above.

This integration allows you to create Jira tickets directly from the Findings page with relevant information about a particular finding.

To set up Jira integration:

  1. In Integrations, click Add Integration.
  2. Click on Jira.
  3. Enter a Name for the integration.
  4. Enter the email address used for the Atlassian account.
  5. Enter your Atlassian domain URL.
  6. Enter your Project key. This is the prefix for tasks created within a project. Semgrep creates issues in the project identified here.
  7. Enter the Issue type. This is the type of issue for Semgrep findings, for example, Bug.
  8. Enter the API Token. Tokens are generated through this link: Manage API Tokens.
  9. Click Save.

To create a Jira ticket from Semgrep:

  1. In Findings, click on the three-dot icon of the entry to create a Jira ticket for the finding.
  2. Select Create issue with [YOUR_INTEGRATION_NAME].

Webhooks

Webhooks are a feature available in Semgrep's Team tier and above.

Webhooks are a generic method for Semgrep to post JSON-formatted findings after each scan to your URL endpoint. To set up a webhook:

  1. Go to Settings > Integrations, and then click Add Integration.
  2. Click Webhook.
  3. Enter a Name for the integration.
  4. Enter the Webhook URL.
  5. To ensure that Semgrep can post to your URL, click Test.
  6. Click Save.
  7. Turn notifications on by going to the Rule board, clicking the gear icon, and then clicking the toggle next to the name of the integration.

Here is a sample of a webhook sent from Semgrep with findings:

[Screenshot: Semgrep webhook JSON with findings]
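
The setup steps above take only a name and a URL, so the receiving endpoint has to decide on its own which POSTs to accept. The following receiver is an added example, not Semgrep's code: it assumes you put a secret path segment in the Webhook URL, caps the body size, and parses the body as JSON without assuming any field names. The token value, size cap, path layout and port are assumptions.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: a random secret you generate and use as the last path segment
# of the Webhook URL entered in Semgrep App. Constructed value for the example.
PATH_TOKEN = "CONSTRUCTED-EXAMPLE-TOKEN"
MAX_BODY = 1_000_000  # assumed upper bound on a findings payload, in bytes

def check_request(path, length):
    """Return 200 if the request may be read, otherwise the rejection status."""
    token = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(token.encode(), PATH_TOKEN.encode()):
        return 404
    if length is None or length <= 0:
        return 411  # refuse bodies without a usable Content-Length
    if length > MAX_BODY:
        return 413
    return 200

def parse_body(raw):
    """Parse the body as a JSON object or array; return (status, payload)."""
    try:
        payload = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers invalid UTF-8 and invalid JSON
        return 400, None
    if not isinstance(payload, (dict, list)):
        return 400, None
    return 200, payload

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        raw_len = self.headers.get("Content-Length", "")
        length = int(raw_len) if raw_len.isdigit() else None
        status, payload = check_request(self.path, length), None
        if status == 200:
            status, payload = parse_body(self.rfile.read(length))
        if status == 200:
            # Hand the payload to your own queue or ticketing code here.
            self.log_message("accepted %d top-level JSON items", len(payload))
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    # Loopback only; terminate TLS in front of this before exposing it.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Use the Test button from step 5 to confirm that the URL containing the token is accepted.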
