Semgrep JSON and SARIF fields
This reference provides all Semgrep fields for JSON and SARIF output.
For fields that are exclusive to Semgrep AppSec Platform, you must sign in to generate values for those fields.
JSON
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
errors | ✅ | ✅ |
interfile_languages_used | ❌ | ✅ |
paths | ✅ | ✅ |
results | See results object |
skipped_rules | ✅ | ✅ |
version | ✅ | ✅ |
results object
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
check_id | ✅ | ✅ |
end | ✅ | ✅ |
extra | See extra object |
skipped_rules | ✅ | ✅ |
start | ✅ | ✅ |
paths | ✅ | ✅ |
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
engine_kind | ✅ | ✅ |
fingerprint | ❌ | ✅ |
fix | ✅ | ✅ |
is_ignored | ❌ | ✅ |
lines* | ❌ | ✅ |
message | ✅ | ✅ |
metadata | See metadata object |
metavars | ❌ | ✅ |
severity | ✅ | ✅ |
validation_state(for Secrets scans only) | ✅ | ✅ |
*lines refers to the text of the matched lines, not the line numbers themselves. See the results object to view line numbers.
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
category | ✅ | ✅ |
confidence | ✅ | ✅ |
cwe | ✅ | ✅ |
impact | ✅ | ✅ |
license | ✅ | ✅ |
likelihood | ✅ | ✅ |
owasp | ✅ | ✅ |
references | ✅ | ✅ |
semgrep.dev | ❌ | ✅ |
semgrep.policy | ❌ | ✅ |
shortlink | ✅ | ✅ |
source | ✅ | ✅ |
subcategory | ✅ | ✅ |
technology | ✅ | ✅ |
vulnerability_class | ✅ | ✅ |
SARIF
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
$schema | ✅ | ✅ |
runs | See runs object |
version | ✅ | ✅ |
runs object
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
invocations | ✅ | ✅ |
results | See results object |
rules | ✅ | ✅ |
semanticVersion | ✅ | ✅ |
results object
| Field | Semgrep CE | Semgrep AppSec Platform |
|---|
fingerprints | ❌ | ✅ |
locations | ✅ | ✅ |
message | ✅ | ✅ |
properties | ✅ | ✅ |
ruleId | ✅ | ✅ |