A Semgrep scan is having a problem - what next?
Troubleshoot common issues with Semgrep scans.
Set up Semgrep Supply Chain to correctly detect packages in Maven.
Detailed documentation for Semgrep's C# support.
Learn how Semgrep detects malicious dependencies and enable malicious dependency detection in your Supply Chain scans.
How to generate lockfiles for Semgrep Supply Chain in a Circle CI pipeline.
Generate Python lockfiles to run Semgrep Supply Chain scans successfully.
Detailed documentation for Semgrep's Go support.
Exclude a Semgrep Supply Chain rule from a scan.
Prevent unwanted noise when scanning for dependency vulnerabilities by ignoring manifest files, lockfiles, or code files.
Refer to this section to set up Semgrep Supply Chain for your specific tooling or pipeline.
Detailed documentation for Semgrep's Java support.
Detailed documentation for Semgrep's JavaScript support.
Configure Jenkins to send the correct branch name to Semgrep AppSec Platform.
Detailed documentation for Semgrep's Kotlin support.
Semgrep Supply Chain can detect and list a package's license. Prevent or exempt certain packages from being used based on their licenses.
Use policies to define the conditions in which developers are notified of a finding or potentially blocked from merging their PR or MR.
Learn how Semgrep leverages its engine to scan open source dependencies with high-signal rules.
Detailed documentation for Semgrep's Ruby support.
Generate a CycloneDX JSON or XML SBOM to view all repository dependencies.
Detailed documentation for Semgrep's Scala support.
Definitions of Semgrep Supply Chain and software composition analysis (SCA) terms.
Detailed documentation for Semgrep's Swift support.
Scan your project with Semgrep Supply Chain.
Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.
Know if a vulnerable package or dependency can be easily and reliably upgraded to a fixed version.
View and export Semgrep Supply Chain Findings.
View and search through all your dependencies in all your onboarded repositories at any time.
Troubleshoot why findings for Semgrep Supply Chain are not showing.
Learn why the count of findings differs in the API and Semgrep AppSec Platform.