Skip to main content

39 docs tagged with "Team & Enterprise Tier"

View All Tags

Alerts and notifications

Learn how to receive Slack or email alerts about findings and failures, how to receive merge or pull request comments in your CI/CD pipeline, or how to integrate using webhooks.


This document links to Semgrep API documentation.

Bitbucket PR comments

Enable PR comments in your Bitbucket repositories to display Semgrep findings to developers.

CI environment variables

Configure Semgrep in CI by setting various environment variables. Enable diff-aware scanning, connect to Semgrep Cloud Platform, and more.

CLI reference

Reference for the Semgrep command-line interface including options and exit code behavior.


The Dashboard is a summary view within Semgrep Cloud Platform to help security teams evaluate their organization's security posture.

Dependency search

Search through all your dependencies in all your onboarded repositories at any time.


Semgrep Editor is a powerful tool within Semgrep Cloud Platform to write rules and quickly apply these rules across an organization to enforce coding standards across an organization.


Receive Semgrep findings via email.


The Findings page allows users to view, manage, and triage Findings.

GitHub PR comments

Enable pull request (PR) comments in your GitHub repositories to display Semgrep findings to developers.

GitLab MR comments

Enable merge request (MR) comments in your GitLab repositories to display Semgrep findings to developers.


Glossary of terms related to software composition analysis and Semgrep Supply Chain.

Learning Semgrep Code

Try Semgrep Code workflows, triage findings and work with rules and rulesets without any setup necessary. See what Semgrep detects in OWASP Juice Shop.


The Policies page is a visual representation of the rules that Semgrep Code uses to scan code.

Pricing and billing

Learn about pricing, tiers, and feature support for the following Semgrep Products: Semgrep OSS, Semgrep Code, and Semgrep Supply Chain.

Rule board

The Rule Board is a visual representation of the rules that Semgrep Cloud Platform uses to scan code. Rules are cards, and are grouped into columns representing the actions undertaken (whether to block, comment, or silently monitor) when a finding surfaces.

Sample CI configurations

View sample configuration files to run Semgrep with various CI/CD providers such as GitHub, GitLab, Jenkins, Buildkite, CircleCI, and more.

Semgrep Cloud Platform

Get started with Semgrep Cloud Platform to scan for security vulnerabilities on both local and remote repositories hosted on GitHub and GitLab.

Semgrep in CI

Run Semgrep in CI environments. Learn about different features of CI jobs connected to Semgrep Cloud Platform and stand-alone Semgrep jobs.

Semgrep Pro rules

A guide using to Semgrep Pro Rules: supported languages, vulnerabilities covered, and using Pro rules in Semgrep scans.

Semgrep Supply Chain

Scan your codebase's open source dependencies with Semgrep Supply Chain's high-signal rules that determine a vulnerability's reachability.


Receive Semgrep findings in your Slack workspaces.

Supported languages

Semgrep supports more than two dozen languages. Learn about generally available, beta, and experimentally supported languages.

Tagging projects

Guidelines on how to add or remove tags through Semgrep Cloud Platform and semgrepconfig.yml file.

Triage and remediation

Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.


Not seeing what you expect in Semgrep Cloud Platform? Follow these troubleshooting steps or find out how to get one-on-one help.

Troubleshooting Semgrep in CI

Get more information when Semgrep in CI hangs, crashes, times out, or runs too slow. Fix issues with GitLab SAST's Semgrep analyzer, such as jobs running slowly, not showing results, or returning errors.

Users, accounts, and roles

Learn about roles, user management, and how to implement role-based access control in Semgrep Cloud Platform.


Create webhooks to receive Semgrep findings in your endpoints.