Add Semgrep to CI/CD
Set up your CI pipeline with Semgrep AppSec Platform for centralized rule and findings management.
Set up your CI pipeline manually with Semgrep AppSec Platform for centralized rule and findings management.
Learn how to receive Slack or email alerts about findings and failures and how to integrate using webhooks.
This document links to Semgrep API documentation.
Enable PR comments in your Azure DevOps repositories to display Semgrep findings to developers.
Enable PR comments in your Bitbucket Cloud repositories to display Semgrep findings to developers.
Enable PR comments in your Bitbucket Data Center repositories to display Semgrep findings to developers.
Learn how to claim a Semgrep license.
Connect a source code manager for use with Semgrep.
Learn how to set up a comprehensive Semgrep deployment for yourself or your organization.
Create a Semgrep account and organization to prepare your deployment for the addition of repositories and team members.
Use the Semgrep dashboard to gain an overview of your organization's security posture, including the deployment of guardrails.
The Dashboard is a summary view within Semgrep AppSec Platform to help security teams evaluate their organization's security posture.
Receive Semgrep findings via email.
Understanding the FedRAMP authorization boundary for code scanning services like Semgrep.
Learn how Semgrep Pro tracks findings and triage states in CI pipelines.
Learn how to add a GitHub repository to Semgrep Managed Scans.
Enable pull request (PR) comments in your GitHub repositories to display Semgrep findings to developers.
Learn how to add a GitLab repository to Semgrep Managed Scans.
Enable merge request (MR) comments in your GitLab repositories to display Semgrep findings to developers.
This document describes various methods to skip or ignore files or folders that are not relevant to a Semgrep scan.
Send Semgrep findings to your Jira project.
Reference for all Semgrep JSON and SARIF export fields.
Semgrep Supply Chain can detect and list a package's license. Prevent or exempt certain packages from being used based on their licenses.
Use policies to define the conditions in which developers are notified of a finding or potentially blocked from merging their PR or MR.
View projects, detailed logs and information for any scan.
The Policies page is a visual representation of the rules that Semgrep Secrets uses to scan code.
The Policies page is a visual representation of the rules Semgrep Code uses to scan code.
Semgrep Managed Scans provides an alternative to CI-based workflows. It enables you to add repositories to your Semgrep org in bulk without changing your CI workflows.
Packages included in the latest Semgrep Docker image.
This article introduces cross-file (interfile) analysis, guides you through installation, and provides some additional information.
Use this checklist to ensure a smooth deployment of Semgrep in your organization.
Set up Semgrep Managed Scans when you sign in to Semgrep for the first time.
Learn how to remove duplicate findings and prevent them from being displayed in Semgrep AppSec Platform.
Sign in to Semgrep to run scans following your organization's Semgrep deployment.
Run local Semgrep CLI scans.
Ensure that you're sending the required name and email attributes to Semgrep AppSec Platform.
If needed, check the box to enable non-password authentication mechanisms on Semgrep AppSec Platform.
If SAML signature validation fails, check your certificate upload and information.
Fix a SAML configuration error when an AttributeStatement is missing.
Generate a CycloneDX JSON or XML SBOM to view all repository dependencies.
Detect valid, leaked secrets in previous Git commits through a historical scan.
Learn about the features and differences of Semgrep AppSec Platform and Community Edition.
Receive Semgrep findings in your Slack workspaces.
SSO configuration instructions.
Guidelines on how to add or remove tags through Semgrep AppSec Platform and the semgrepconfig.yml file.
Manage user access to projects through Teams.
Execute `semgrep login` correctly for customers on dedicated tenants.
Learn how to create tickets based on Semgrep findings in third-party ticketing systems.
Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.
Learn about Semgrep Code's triage status for findings and how to triage and remediate them.
Learn how to triage findings identified by Semgrep Secrets.
Not seeing what you expect in Semgrep AppSec Platform? Follow these troubleshooting steps or find out how to get one-on-one help.
Learn to troubleshoot SAML configuration when SAML stops working.
Send your local scans to Semgrep AppSec Platform to view and track your findings.
Learn about usage computation and other aspects of your Semgrep licenses.
View and export Semgrep Supply Chain findings.
View and search through all your dependencies in all your onboarded repositories at any time.
The Code page allows users to view findings identified by Semgrep Code.
Create webhooks to receive Semgrep findings in your endpoints.
Understand GitHub authorization and permissions.
To prevent duplicated findings, perform full scans only on the main branch of your repository.
Semgrep Editor is a powerful tool within Semgrep AppSec Platform to write rules and quickly apply them across an organization to enforce coding standards.