Quickstart
Learn how to set up Semgrep, scan your first project for security issues, and view your findings.
You must have Python 3.9 or later installed on the machine where the Semgrep CLI is running.
- Navigate to Semgrep AppSec Platform, and sign up by clicking Sign in with GitHub or Sign in with GitLab. Follow the on-screen prompts to grant Semgrep the necessary permissions and proceed.
- Provide the Organization display name you'd like to use, then click Create new organization.
- When asked Where do you want to scan? click Run on CLI.
- Launch your CLI, and follow the instructions on the Scan a project on your machine page. For your convenience, the same information is presented below, along with instructions for Windows users.
Instructions follow for macOS, Linux, Windows Subsystem for Linux (WSL), and Docker.

macOS

- Install the Semgrep CLI and confirm the installation:

    # install through homebrew
    brew install semgrep
    # install through pip
    python3 -m pip install semgrep
    # confirm installation succeeded by printing the currently installed version
    semgrep --version

  Note: Homebrew users, ensure that you've added Homebrew to your PATH.
- Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed:

    semgrep login
- In the Semgrep CLI login, click Activate to proceed.
- Return to the CLI, navigate to the root of your repository, and run your first scan:

    semgrep ci
Linux

- Install the Semgrep CLI and confirm the installation:

    # install through pip
    python3 -m pip install semgrep
    # confirm installation succeeded by printing the currently installed version
    semgrep --version
- Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed:

    semgrep login
- In the Semgrep CLI login, click Activate to proceed.
- Return to the CLI, navigate to the root of your repository, and run your first scan:

    semgrep ci
Windows Subsystem for Linux (WSL)

Prerequisites: Ensure that you have the Windows Subsystem for Linux installed before proceeding.

- Using the WSL interface, install the Semgrep CLI and confirm the installation:

    # install through pip
    python3 -m pip install semgrep
    # confirm installation succeeded by printing the currently installed version
    semgrep --version
- Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed:

    semgrep login
- In the Semgrep CLI login, click Activate to proceed.
- Return to the WSL interface, navigate to the root of your repository, and run your first scan:

    semgrep ci
Docker

Prerequisites: Ensure that you have Docker installed before proceeding.

- Pull the latest image and confirm the version:

    docker pull semgrep/semgrep
    # confirm version
    docker run --rm semgrep/semgrep semgrep --version

For users running Docker on macOS or Linux:

- Log in to your Semgrep account (running this command will launch a browser window, but you can also use the link that's returned in the CLI to proceed):

    docker run -it semgrep/semgrep semgrep login
- In the Semgrep CLI login, click Activate to proceed. Return to the CLI and copy the login token that's shown.
- Navigate into the root of your repository, and run your first scan. Be sure to substitute YOUR_TOKEN with the login token value you copied in the previous step:

    docker run -e SEMGREP_APP_TOKEN=YOUR_TOKEN --rm -v "${PWD}:/src" semgrep/semgrep semgrep ci

  The provided -v option mounts the current directory into the container to be scanned. Navigate into a different repository or provide a specific local directory in the command to scan a different project.

For users running Docker on Windows:

- Log in to your Semgrep account (running this command will launch a browser window, but you can also use the link that's returned in the CLI to proceed):

    docker run -it semgrep/semgrep semgrep login
- In the Semgrep CLI login, click Activate to proceed. Return to the CLI, and copy the login token that's shown.
- Navigate into the root of your repository, and run your first scan. Be sure to substitute YOUR_TOKEN with the login token value you copied in the previous step:

    docker run -e SEMGREP_APP_TOKEN=YOUR_TOKEN --rm -v "%cd%:/src" semgrep/semgrep semgrep ci

  The provided -v option mounts the current directory into the container to be scanned. Navigate into a different repository or provide a specific local directory in the command to scan a different project.
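As an added example (not from the Semgrep docs or the Semgrep project), the following POSIX shell wrapper runs the Docker form of the scan above while keeping the login token out of the command line: `docker run -e SEMGREP_APP_TOKEN` with no value makes Docker copy the variable from the host environment, so the token is never visible in shell history or process listings. The function names and the SEMGREP_DRY_RUN switch are assumptions of this example; SEMGREP_APP_TOKEN and the image name come from the page.

```shell
#!/bin/sh
# Added example, not from the Semgrep docs. Wraps the Docker form of
# `semgrep ci` so the token is read from the environment rather than typed
# on the command line (where it would land in shell history and `ps` output),
# and checks preconditions before starting a container. Names are assumptions:
# semgrep_ci_preflight, semgrep_ci_docker_cmd, semgrep_ci_docker, SEMGREP_DRY_RUN.

# Return 0 when a scan of $1 may proceed; print the reason and return 1 or 2
# otherwise. `semgrep ci` is meant to run from a repository root, so require
# a .git entry (a directory, or a file for git worktrees).
semgrep_ci_preflight() {
  src_dir="$1"
  if [ -z "${SEMGREP_APP_TOKEN:-}" ]; then
    echo "SEMGREP_APP_TOKEN is not set; export the token shown after Activate" >&2
    return 1
  fi
  if [ ! -e "$src_dir/.git" ]; then
    echo "$src_dir is not a repository root" >&2
    return 2
  fi
  return 0
}

# Render the exact command that would be run, for logs and dry runs.
# `-e SEMGREP_APP_TOKEN` with no value makes docker copy the variable from
# the host environment, so the secret is never part of argv.
semgrep_ci_docker_cmd() {
  printf 'docker run -e SEMGREP_APP_TOKEN --rm -v "%s:/src" semgrep/semgrep semgrep ci\n' "$1"
}

# Scan the directory given as $1 (default: current directory). With
# SEMGREP_DRY_RUN set, only print the command instead of running docker.
semgrep_ci_docker() {
  src_dir="${1:-$PWD}"
  semgrep_ci_preflight "$src_dir" || return $?
  if [ -n "${SEMGREP_DRY_RUN:-}" ]; then
    semgrep_ci_docker_cmd "$src_dir"
    return 0
  fi
  docker run -e SEMGREP_APP_TOKEN --rm -v "$src_dir:/src" semgrep/semgrep semgrep ci
}

# Usage: export SEMGREP_APP_TOKEN=...; semgrep_ci_docker /path/to/repo
```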
Once you've scanned your first application, return to Semgrep AppSec Platform, and click View findings to see the security vulnerabilities in your project. Alternatively, you can view your results in Semgrep AppSec Platform's Dashboard page. For detailed information, click Code to access your SAST findings or Supply Chain to access your SCA findings.
Info: Code is not uploaded. Only findings are sent to Semgrep AppSec Platform.
Scan without a GitHub or GitLab account
If you don't have a GitHub or GitLab account, you can use semgrep scan in your CLI. See Scan your project for more details.
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.