CI configuration reference
Configure Semgrep in CI by setting various environment variables. Enable diff-aware scanning, connect to Semgrep App, and more.
Reference for the Semgrep command line tool including options and exit code behavior.
Configure how Semgrep in CI pipelines handles errors and blocks findings.
The Dashboard is a summary view within Semgrep App to help security teams evaluate their organization's security posture.
Semgrep Editor is a tool within Semgrep App for authoring rules and quickly applying them across an organization to enforce coding standards.
The Findings page allows users to view, manage, and triage Findings.
Get started with Semgrep App to scan for security vulnerabilities on both local and remote repositories hosted on GitHub and GitLab.
Run Semgrep in CI environments. Learn about different features of Semgrep App-connected CI jobs and stand-alone Semgrep jobs.
Scan your codebase's open source dependencies with Semgrep Supply Chain's high-signal rules that determine a vulnerability's reachability.
Glossary of terms related to software composition analysis and Semgrep Supply Chain.
Prevent unwanted noise when scanning for dependency vulnerabilities by ignoring lockfiles or code files.
Integrate Semgrep into self-hosted and custom SCM tools such as GitHub Enterprise and GitLab Self Hosted.
Semgrep App contains third-party integrations that let users send data from Semgrep to other tools in their workflows.
Try Semgrep App workflows, triage findings and work with rules and rulesets without any setup necessary. See what Semgrep detects in OWASP Juice Shop.
Guidelines on how to add or remove tags through Semgrep App and the semgrepconfig.yml file.
Learn about roles, user management, and how to implement role-based access control in Semgrep App.
Semgrep CI integrates with third-party services when connected to Semgrep App. Learn how to get Slack or email alerts about findings and failures, how to get merge or pull request comments in your CI/CD pipeline, or how to integrate using webhooks.
Learn how Semgrep leverages its engine to scan open source dependencies with high-signal rules.
Semgrep CLI and CI are free to use. Semgrep App has both free and paid tiers, each with their own features and levels of support.
Receive notifications about reachable findings from your Semgrep Supply Chain scans.
The Rule Board is a visual representation of the rules that Semgrep App uses to scan code. Rules are cards, and are grouped into columns representing the actions undertaken (whether to block, comment, or silently monitor) when a finding surfaces.
Set up your CI pipeline with Semgrep App for centralized rule and findings management.
Set up Semgrep in CI without connecting to Semgrep App.
View sample configuration files to run Semgrep with various CI/CD providers such as GitHub, GitLab, Jenkins, Buildkite, CircleCI, and more.
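The CI configuration reference and the sample configuration file entries above both come down to the same thing: a job that runs `semgrep ci` with a few environment variables. The workflow below is an added example written for this page, not one of the sample files the docs ship. It assumes GitHub Actions, the `returntocorp/semgrep` container image, and a repository secret named `SEMGREP_APP_TOKEN` holding a token created in Semgrep App.

```yaml
# Added example, not a file from the Semgrep docs. Assumes the
# returntocorp/semgrep container image and a repository secret named
# SEMGREP_APP_TOKEN that holds a token created in Semgrep App.
name: Semgrep
on:
  pull_request: {}           # diff-aware scan: only the changed files are scanned
  push:
    branches: ["main"]       # full scan of the default branch
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep
    if: (github.actor != 'dependabot[bot]')
    steps:
      - uses: actions/checkout@v3
      - run: semgrep ci
        env:
          # Connects the job to Semgrep App: rules and blocking policy come
          # from the Rule Board, and findings are uploaded to the Findings page.
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
```

To run the same job stand-alone, without Semgrep App, drop `SEMGREP_APP_TOKEN` and set `SEMGREP_RULES` (for example `p/default`) so the rules are fetched from the registry instead of the Rule Board. On a provider that does not expose the pull request base, set `SEMGREP_BASELINE_REF` to the commit to diff against so the scan stays diff-aware. A nonzero exit code from `semgrep ci`, which is what a blocking finding produces, fails the step and therefore gates the merge.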
This document links to Semgrep API documentation.
SSO configuration instructions.
Semgrep supports more than two dozen languages. Learn about generally available, beta, and experimentally supported languages.
Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.
Fix issues with GitLab SAST's Semgrep analyzer, such as jobs running slowly, not showing results, or returning errors.
Not seeing what you expect in Semgrep App? Follow these troubleshooting steps or find out how to get one-on-one help.