A Semgrep scan is having a problem - what next?
Troubleshoot common issues with Semgrep scans.
Receive notifications about reachable findings from your Semgrep Supply Chain scans.
Set up Semgrep Supply Chain to correctly detect packages in Maven.
Search through all your dependencies in all your onboarded repositories at any time.
Generate various Python lock files to run Semgrep Supply Chain scans successfully.
Glossary of terms related to software composition analysis and Semgrep Supply Chain.
Prevent unwanted noise when scanning for dependency vulnerabilities by ignoring lockfiles or code files.
Refer to this section to set up Semgrep Supply Chain for your specific tooling or pipeline.
Configure Jenkins to send the correct branch name to Semgrep Cloud Platform.
Semgrep Supply Chain can detect and list a package's license. Prevent or exempt certain packages from being used based on their licenses.
Scan your codebase's open source dependencies with Semgrep Supply Chain's high-signal rules that determine a vulnerability's reachability.
Learn how Semgrep leverages its engine to scan open source dependencies with high-signal rules.
Semgrep supports more than two dozen languages. Learn about generally available, beta, and experimentally supported languages.
Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.
Troubleshoot why findings for Semgrep Supply Chain are not showing.