Skip to main content

Analyze Semgrep Code findings with Semgrep Multimodal

Once you've enabled Multimodal, you can use the Analyze button on the Findings page to trigger all Multimodal functions for Semgrep Code, including Suggested fix, auto-triage, and component tagging, on existing findings.

Analyze your findings with Multimodal

  1. On the Findings page, select the findings that you want Multimodal to analyze.
  2. Click Analyze.
  3. In the confirmation dialog that appears, confirm that you want to analyze your findings with Multimodal.

After Multimodal performs these functions, you can see its results on the Code page using the Recommendation or Component filters. When viewing your findings, you can see false positive and true positive recommendations in a finding's Details page.

The amount of time required to analyze your findings varies. Before running the analysis, the confirmation dialog provides an estimated wait time.

info
  • For Team tier users with less than 10 contributors: There is a cap of 50 Multimodal runs per month using the Analyze button.
  • For Team or Enterprise users with an active subscription: There is a cap of 10,000 Multimodal runs per month using the Analyze button. It is rate-limited to 1,000 Multimodal runs per hour.
  • For users of any tier: Multimodal runs against pull requests (PRs) and merge requests (MRs) do not count against this limit.

When Multimodal auto-analyzes findings

Multimodal automatically analyzes new findings from a full scan that have Critical or High severity AND High or Medium confidence.

On a diff-aware scan, Multimodal auto-analyzes up to a maximum 10 new findings, regardless of severity or confidence.

note

Some findings created before November 2025 may not be auto-analyzed, even if they meet the criteria.

Request analysis for existing findings

If you want Multimodal analyses for findings that weren't automatically analyzed, you can request them in bulk through Semgrep AppSec Platform. See the Analyze your findings with Multimodal section for details.

If you need assistance with bulk analysis requests or have questions about backfilling analyses for your findings, contact Semgrep Support.

View Multimodal recommendations

You can view all of Semgrep Multimodal's recommendations by going to the Semgrep Findings page and filtering by Recommendation or Component.

Provide feedback on Multimodal recommendations

Semgrep Multimodal prompts you for feedback whenever it suggests that a finding is a false positive. Because Multimodal content is generated by large language models (LLMs), your feedback helps the Semgrep team improve Multimodal.

Semgrep Multimodal lets you leave feedback in the following places:

  • In Semgrep AppSec Platform: the Multimodal recommendation appears in Semgrep Code's Finding Details page under Activity, along with Agree and ignore or Disagree buttons.
  • In Slack notifications: the Agree and Disagree buttons appear under the Multimodal recommendation message.

Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.