Configure GitHub Actions to use the nonroot Semgrep docker image
How to properly configure your GitHub Actions workflow to use the `nonroot` Semgrep docker image
7 docs tagged with "Semgrep CI"
View all tagsSemgrep in CI vs CLI: align your SAST scan results and understand differences
How to align your scan results between CI and CLI and understand differences in behavior.
Set up reusable GitHub workflows for Semgrep scans
Learn how to set up reusable GitHub workflows for Semgrep scans.
Why are duplicate findings appearing after running Semgrep in CI?
To prevent duplicated findings, perform full scans only on the main branch of your repository.
Why aren't findings populating in the GitHub Advanced Security Dashboard after running Semgrep in CI?
To prevent "resource not accessible by integration" error when running job to upload findings to GitHub's Advanced Security Dashboard
Why did the comments on a PR or MR not appear inline?
When Semgrep comments on PR or MR findings, the comments are usually posted on the line of code where the finding is identified (inline). However, there are two common reasons why comments may not appear inline.
Why is my repository not receiving PR or MR comments?
Use this reference to check why you may not be receiving Semgrep comments on PRs or MRs.