Alerts and notifications
You can receive notifications for Semgrep findings in the following channels:
Channel | Semgrep Code | Semgrep Supply Chain |
---|---|---|
Slack | Integrate with Semgrep through Settings > Integrations. Customize through rule modes on the Policies page. | Integrate with Semgrep through Settings > Integrations. Limited customizability; configured by default to send notifications on reachable findings. |
Not available | ||
Webhooks | Not available |
Setting up notifications involves the following steps:
- Integrating the notification channel, such as Slack, with Semgrep.
- Customizing the conditions under which a notification is sent to that channel. The available conditions and how they are set up vary depending on the Semgrep product; see the following table.
Semgrep Code rule modes define workflow actions (Monitor, Comment, or Block) that Semgrep Code performs when a rule detects a finding. In addition to these workflow actions, you can also configure Semgrep to send notifications on any rule mode.
Rule mode | Description |
---|---|
Monitor | Rules in Monitor mode display findings only in:
|
Comment | Rules in Comment mode display findings in:
|
Block | Rules in Block mode cause the scan job to fail with an exit code of 1 if Semgrep Secrets detects a finding from these rules. You can use this result to enforce a block on the PR or MR. For example, GitHub users can enable branch protection and set the PR to fail if the Semgrep step fails. These rules display findings in:
|
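The Block row above relies on the scan's exit code reaching the CI system. The wrapper below is an added example, not Semgrep's own code, showing one way to keep that exit code intact while still saving the scan log. The helper name `run_gate`, the log path, and the handling of exit codes other than 0 and 1 are assumptions of this example.

```shell
#!/bin/sh
# Added example; run_gate is a hypothetical helper, not part of Semgrep.
# From the page: a finding from a Block-mode rule makes the scan exit with 1.
# Assumption of this example: any other non-zero code is a scanner or
# runtime error, reported separately so it is not mistaken for a finding.

run_gate() {
  # Usage: run_gate <logfile> <scan command and arguments...>
  gate_log="$1"
  shift
  gate_rc=0
  # Redirect to the log instead of piping into `tee`: without `pipefail`
  # a pipeline returns tee's status (0), which would hide the blocking
  # exit code and let the PR or MR check pass.
  # `|| gate_rc=$?` keeps the function usable in scripts run with `set -e`.
  "$@" >"$gate_log" 2>&1 || gate_rc=$?
  case "$gate_rc" in
    0) echo "pass" ;;        # no blocking findings
    1) echo "blocked" ;;     # Block-mode finding: the CI step must fail
    *) echo "scan-error" ;;  # scan did not complete normally
  esac
  # Propagate the original code so the CI step, and any branch
  # protection that depends on it, sees the real result.
  return "$gate_rc"
}

# In a CI job the call would look like (assumed scan command):
#   run_gate semgrep.log semgrep ci
```

Because the function returns the scan's own exit code, a job that calls it as its last command fails exactly when the scan fails.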
View integrations
To view all integrations available to you in Semgrep AppSec Platform, follow these steps:
- Sign in to your Semgrep AppSec Platform account.
- Click Settings > Integrations.
Figure. The integrations available in Semgrep AppSec Platform.
Next steps
Refer to the specific documentation page for the notification channel you want to set up.