17 docs tagged with "Semgrep Supply Chain"

Troubleshoot common issues with Semgrep scans.

Set up Semgrep Supply Chain to correctly detect packages in Maven.

How to generate lockfiles for Semgrep Supply Chain in a Circle CI pipeline.

Generate various Python lock files to run Semgrep Supply Chain scans successfully.

Exclude a Semgrep Supply Chain rule from a scan

Prevent unwanted noise when scanning for dependency vulnerabilities by ignoring lockfiles or code files.

Refer to this section to set up Semgrep Supply Chain for your specific tooling or pipeline.

Configure Jenkins to send the correct branch name to Semgrep AppSec Platform.

Semgrep Supply Chain can detect and list a package's license. Prevent or exempt certain packages from being used based on their licenses.

Use policies to define the conditions in which developers are notified of a finding or potentially blocked from merging their PR or MR.

Learn how Semgrep leverages its engine to scan open source dependencies with high-signal rules.

Generate a CycloneDX JSON or XML SBOM to view all repository dependencies.

Definitions of Semgrep Supply Chain and software composition analysis (SCA) terms.

Scan your project with Semgrep Supply Chain.

View and search through all your dependencies in all your onboarded repositories at any time.

Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.

Troubleshoot why findings for Semgrep Supply Chain are not showing.