Skip to main content
  • Semgrep App
  • Community Tier
  • Team & Enterprise Tier

Rule board

The Rule Board is a visual representation of the rules that Semgrep App uses to scan code. Rules can be organized in rulesets. Rulesets are rules related through a programming language, OWASP category, or framework.

Rules and rulesets are displayed as cards. Group cards by dragging and dropping cards into the columns. Columns represent the actions undertaken in response to findings from that rule or ruleset.

The columns and their corresonding actions are:

Rules that display findings only on Semgrep App.
Rules that display findings to developers through PR or MRs.
Rules that block merges and commits, in addition to showing findings in Semgrep App and PRs or MRs.

Screenshot of the default state of the rule board

Semgrep App is pre-configured to use the default ruleset. The default ruleset scans for security vulnerabilities in common programming languages and frameworks.

Semgrep App detects the framework and language when scanning a project and only runs rules relevant for that framework and language.

Adding rules or rulesetsโ€‹

  1. Click Add rules. A drawer appears.
  2. Search for rules by entering a relevant search term, such as your programming language, OWASP category, or framework in the search bar.
  3. Optional: Display the rules within a ruleset by clicking on the Expand icon beside the name of the ruleset.
  4. Optional: Display the rule definition by clicking on the View in Playground icon beside the name of the rule.
  5. Drag the card and drop it on the relevant column.
  6. Once you are done adding rules and rulesets, click Save changes.

From Semgrep Registryโ€‹

  1. Click a rule or ruleset in Semgrep Registry.
  2. Click Add these to Rule Board or Add to Rule Board.
  3. Select which column to place the rule or ruleset in.
  4. The new card appears on your Rule Board.

From Semgrep Playgroundโ€‹

  1. Enter a name and save your rule.
  2. Click Add to Rule Board.
  3. Select which column to place the rule or ruleset in.
  4. The new card appears on your Rule Board.

From the in-app Editorโ€‹

  1. From the Library pane, click the rule to add to the Rule Board. The rule appears on the code pane.
  2. Click Add to Rule Board.
  3. Select which column to place the rule or ruleset in.
  4. The new card appears on your Rule Board.

Removing rules or rulesetsโ€‹

To remove a rule from the Rule board:

  1. In Semgrep App, click Rule board.
  2. Click the ruleset that contains the rule.
  3. Click the Remove ruleset icon next to the rule you're deleting.
  4. Click Save.
  • Individual rules within rulesets can only be disabled, not deleted. To disable an individual rule in Rule board, click the toggle to disable the rule.
  • When you remove a rule from the Rule Board, all associated findings on Findings page and Dashboard page are removed also.

You can also remove a rule on the Findings page, to do so, follow these steps:

  1. Go to the Semgrep App Findings page.
  2. Next to a finding with status Open, click the Ignore .
  3. Optional: Select a reason of why you are ignoring a finding. Choose either: False positive, Acceptable risk, No time to fix
  4. Click Save.
  5. Optional: Select whether you want to ignore all findings in Just this file, This directory, or Parent directory.
  6. Enable the checkbox to: Remove this rule from Rule board. This removes the related rule that matched the finding.

Configuring notificationsโ€‹

Notifications enable you to keep track of Semgrep scans within your preferred environment, such as email or Slack. They are configured for each column.

  1. Click the gear icon of the column to add a notification.
  2. Click Manage Integrations link.

For more information, follow guidelines for specific notification channel in Notifications documentation.

Find what you needed in this doc? Join the Slack group to ask the maintainers and the community if you need help.