Skip to main content

Analyze findings with Semgrep Assistant

Once you've enabled Assistant, you can use the Analyze button on the Findings page to trigger all Assistant functions, including autofix, auto-triage, and component tagging, on existing findings.

Assistant Analyze button on Findings page

To analyze your findings with Assistant:

  1. On the Findings page, select the findings that you want Assistant to analyze.
  2. Click Analyze.
  3. In the confirmation dialog that appears, confirm that you want to analyze your findings with Assistant.

After Assistant performs these functions, you can see its results on the Code page using the Recommendation or Component filters. When viewing your findings, you can see false positive and true positive recommendations in a finding's Details page.

The amount of time required to analyze your findings varies. Before running the analysis, the confirmation dialog provides an estimated wait time.

info
  • For Team tier users with less than 10 contributors: There is a cap of 50 Assistant runs per month using the Analyze button.
  • For Team or Enterprise users with an active subscription: There is a cap of 10,000 Assistant runs per month using the Analyze button. It is rate-limited to 1,000 Assistant runs per hour.
  • For users of any tier: Assistant runs against pull requests and merge requests do not count against this limit.

View recommendations

You can view all of Semgrep Assistant's recommendations by going to the Semgrep Findings page and filtering by Recommendation or Component.

Feedback

Semgrep Assistant prompts you for feedback whenever it suggests that a finding is a false positive. Because Assistant content is generated by language models (LLMs), your feedback helps the Semgrep team improve Assistant.

Semgrep Assistant lets you leave feedback in the following places:

  • In Semgrep AppSec Platform: the Assistant recommendation appears in Semgrep Code's Finding Details page under Activity, along with Agree and ignore or Disagree buttons.
  • In Slack notifications: the Agree and Disagree buttons appear under the Assistant recommendation message.
  • In GitHub pull requests: you can leave feedback using /semgrep assistant agree|disagree.

If Semgrep Assistant suggests that a finding is a true positive and supplies an autofix suggestion, there is no automated mechanism to leave feedback on this outcome. Feel free to contact the Semgrep team at support@semgrep.com to let us know your thoughts.

Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.