A Semgrep scan is having a problem - what next?
Troubleshoot common issues with Semgrep scans.
Change rule severity and other metadata by forking rules
Definitions of Semgrep Code product-specific terms.
Learn how to implement rule patterns that include the targeted language's reserved words.
Semgrep's generic pattern matching mode can match comments in code files.
You can approximate this behavior by matching an entire file, but excluding the desired content from the match.
Ellipsis metavariables can help with matching multiple word tokens.
This may be occurring because SEMGREP_APP_TOKEN is set as a group variable.
Learn about Semgrep Code, a static application security testing (SAST) tool that finds security vulnerabilities in your first-party code.
Learn how to use Semgrep's experimental pattern syntax to search code for a specific code pattern.
This article introduces cross-file (interfile) analysis, guides you through installation, and provides some additional information.
Learn the rule and file performance principles to abide by when scanning repositories to optimize scan times.
Detailed documentation for Semgrep's Python support.
Learn different strategies to reduce false positives in your Semgrep OSS scans.
Learn how to remove duplicate findings and prevent them from being displayed in Semgrep AppSec Platform.
Learn how to run all available rules on your repository.
Learn about Semgrep rules, how to add your custom rules and rules from Semgrep Registry, a community-contributed repository of rules to help enforce security.
Proprietary Semgrep features for the Java language that can increase true positives and reduce false positives.
A guide to using Semgrep Pro Rules: supported languages, vulnerabilities covered, and using Pro rules in Semgrep scans.
Learn how Semgrep supports all versions of a programming language.
The Policies page is a visual representation of the rules that Semgrep Code uses to scan code.
Learn about Semgrep Code's triage status for findings and how to triage and remediate findings.
Troubleshoot scan failures on monorepos by studying logs, compartmentalizing scans, increasing RAM, and running jobs in parallel.
Troubleshoot "invalid header value" errors in GitHub and GitLab
The Code page allows users to view findings identified by Semgrep Code.
This may be occurring because rule coverage has increased.
Semgrep Editor is a powerful tool within Semgrep AppSec Platform to write rules and quickly apply them across an organization to enforce coding standards.