A Semgrep scan is having a problem - what next?
Troubleshoot common issues with Semgrep scans.
Troubleshoot common issues with Semgrep scans.
Learn how Semgrep Assistant can provide recommendations for triage and remediation of Semgrep findings.
Learn how to claim a Semgrep license.
Reference for the Semgrep command-line interface including options and exit code behavior.
Reference for the Semgrep command-line interface including options and exit code behavior.
Learn how Semgrep Pro tracks findings and triage states in CI pipelines.
Learn how to implement rule patterns that include the targeted language's reserved words.
Semgrep's generic pattern matching mode can match comments in code files.
You can approximate this behavior by matching an entire file, but excluding the desired content from the match.
Ellipsis metavariables can help with matching multiple word tokens.
This may be occurring because SEMGREP_APP_TOKEN is set as a group variable.
Learn about Semgrep Code, a static application security testing (SAST) tool | that finds security vulnerabilities in your first-party code.
Learn how to use Semgrep's experimental pattern syntax to search code for a specific code pattern.
Learn the rule and file performance principles to abide by when scanning repositories to optimize scan times.
Learn how to remove duplicate findings and prevent them from displayed in Semgrep Cloud Platform.
Learn how to run all available rules on your repository.
Proprietary Semgrep features for the Java language that can increase true positives and reduce false positives.
A guide using to Semgrep Pro Rules: supported languages, vulnerabilities covered, and using Pro rules in Semgrep scans.
The Policies page is a visual representation of the rules that Semgrep Code uses to scan code.
Troubleshoot scan failures on monorepos by studying logs, compartmentalizing scans, increasing RAM, and running jobs in parallel.
Troubleshoot "invalid header value" errors in GitHub and Gitlab
This may be occurring because rule coverage has increased.