Collecting Semgrep GitHub Actions logs from GitHub
Collect logs from GitHub Actions to troubleshoot Semgrep CI scans.
How to properly configure your GitHub Actions workflow to use the `nonroot` Semgrep Docker image.
Options to scan compressed files or other artifacts with Semgrep.
When running Semgrep in CI with a pull or merge request as the triggering event, Semgrep runs some additional git commands to determine the behavior for the scan. The scan exits with an error if these commands fail. A message like the following shows in the output:
Collect verbose logs from GitLab to troubleshoot Semgrep CI scans.
How to test scans with different versions of Semgrep.
Set additional environment variables to receive Semgrep MR comments through a GitLab runner.
How to scan a monorepo in parts for better CI performance and clearer organization of findings.
How to align your scan results between CI and CLI and understand differences in behavior.
Learn how to set up reusable GitHub workflows for Semgrep scans.
To prevent duplicated findings, perform full scans only on the main branch of your repository.
How to prevent the "resource not accessible by integration" error when running a job that uploads findings to GitHub's Advanced Security Dashboard.
When Semgrep comments on PR or MR findings, the comments are usually posted on the line of code where the finding is identified (inline). However, there are two common reasons why comments may not appear inline.
Use this reference to check why you may not be receiving Semgrep comments on PRs or MRs.