
Alerts and notifications

You can receive notifications for Semgrep findings in the following channels:

Channel | Semgrep Code | Semgrep Supply Chain
Slack | Integrate with Semgrep through Settings > Integrations. Customize through rule modes in Policies page. | Integrate with Semgrep through Settings > Integrations. Limited customizability; configured by default to send notifications on reachable findings.
Email | Not available
Webhooks | Not available

Setting up notifications involves the following steps:

  1. Integrating the notification channel, such as Slack, with Semgrep.
  2. Customizing the conditions under which a notification is sent to that channel. The available conditions and how they are set up vary depending on the Semgrep product; see the following table.

Semgrep Code rule modes define workflow actions (Monitor, Comment, or Block) that Semgrep Code performs when a rule detects a finding. In addition to these workflow actions, you can also configure Semgrep to send notifications on any rule mode.

Rule mode | Description

Monitor | Rules in Monitor mode display findings only in:
  • Semgrep AppSec Platform
  • For Semgrep Code and Supply Chain: User-defined notifications
Set rules to this mode to evaluate their true positive rate and other criteria you may have. By keeping rules in Monitor, developers do not receive potentially noisy findings in their PRs or MRs.

Comment | Rules in Comment mode display findings in:
  • Developers' PRs or MRs
  • Semgrep AppSec Platform
  • For Semgrep Code and Supply Chain: User-defined notifications
Set rules that have met your performance criteria to this mode when you are ready to display findings to developers.

Block | Rules in Block mode cause the scan job to fail with an exit code of 1 if Semgrep Secrets detects a finding from these rules. You can use this result to enforce a block on the PR or MR. For example, GitHub users can enable branch protection and set the PR to fail if the Semgrep step fails.
These rules display findings in:
  • Developers' PRs or MRs
  • Semgrep AppSec Platform
  • For Semgrep Code and Supply Chain: User-defined notifications
These are typically high-confidence, high-severity rules.

View integrations

To view all integrations available to you in Semgrep AppSec Platform, follow these steps:

  1. Sign in to your Semgrep AppSec Platform account.
  2. Click Settings > Integrations.

Figure. The integrations available in Semgrep AppSec Platform.

Next steps

Refer to the specific documentation page for the notification channel you want to set up.

