
Set up Semgrep Supply Chain for your infrastructure


Semgrep Supply Chain performs software composition analysis with reachability.

Scanning third-party code with Semgrep Supply Chain may require additional steps, such as generating a lockfile that it can parse in continuous integration (CI).

The documents in this category describe how to set up Semgrep Supply Chain for specific lockfiles or CI providers, to ensure that your Semgrep Supply Chain deployment functions as intended.

| CI provider | Issue | Solution |
| --- | --- | --- |
| Jenkins UI using Git plugin | Findings are not being sent to Semgrep AppSec Platform. | Set the correct branch name by following the steps in Setting up Semgrep Supply Chain with Jenkins UI. |

| Package manager | Issue | Solution |
| --- | --- | --- |
| Maven | Semgrep Supply Chain requires a dependency tree to detect packages. | Generate a dependency tree using mvn by following the steps in Setting up Semgrep Supply Chain with Apache Maven. |
