If you want the best introduction to writing Semgrep rules, use the interactive, example-based Semgrep rule tutorial.
Do it live!
You can write and share rules directly from the live editor. You can also write rules in your terminal and run Semgrep via a standalone CLI or Docker.
- Pattern syntax describes what Semgrep patterns can do in detail, and provides example use cases of the ellipsis operator, metavariables, and more.
- Rule syntax describes Semgrep YAML rule files, which can have multiple patterns, detailed output messages, and autofixes. The syntax allows the composition of individual patterns with boolean operators.
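As an added illustration (not a rule from the Semgrep docs or the Semgrep rule registry), the following rule file combines a metavariable, the ellipsis operator, `pattern-either` and `pattern-not` composition, a message, and an autofix; the rule id and message text are constructed for this example.

```yaml
# Constructed example rule: flag yaml.load() calls that do not use a safe
# Loader and offer yaml.safe_load() as the autofix.
rules:
  - id: python-yaml-load-without-safe-loader   # constructed rule id
    languages: [python]
    severity: ERROR
    message: >-
      yaml.load() without a safe Loader can construct arbitrary Python
      objects from the parsed document. Use yaml.safe_load() instead.
    metadata:
      category: security
    # Boolean composition: the call must match one of the unsafe forms
    # (pattern-either) AND must not match any of the safe forms (pattern-not).
    # $DOC is a metavariable; "..." matches any further arguments.
    patterns:
      - pattern-either:
          - pattern: yaml.load($DOC)
          - pattern: yaml.load($DOC, ...)
      - pattern-not: yaml.load($DOC, yaml.SafeLoader)
      - pattern-not: yaml.load($DOC, Loader=yaml.SafeLoader)
      - pattern-not: yaml.load($DOC, yaml.CSafeLoader)
      - pattern-not: yaml.load($DOC, Loader=yaml.CSafeLoader)
    # Autofix: the whole matched call is replaced, and $DOC is substituted
    # with whatever it bound to, so yaml.load(data, Loader=yaml.Loader)
    # becomes yaml.safe_load(data).
    fix: yaml.safe_load($DOC)
```

Run it against a code base with `semgrep --config <rule file> <path>`; adding `--autofix --dryrun` previews the `fix` rewrites without writing them to disk.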
Looking for ideas on what rules to write? See Rule examples for common use cases and prompts to help you start writing rules from scratch.