Quickstart

Learn how to set up Semgrep, scan your first project for security issues, and view your findings.

Prerequisites

You must have Python 3.9 or later installed on the machine where the Semgrep CLI is running.

  1. Navigate to Semgrep AppSec Platform, and sign up by clicking on Sign in with GitHub or Sign in with GitLab. Follow the on-screen prompts to grant Semgrep the necessary permissions and proceed.

  2. Provide the Organization display name you'd like to use, then click Create new organization.

  3. When asked Where do you want to scan? click Run on CLI.

  4. Launch your CLI, and follow the instructions on the Scan a project on your machine page. For your convenience, the same information is presented below, along with instructions for Windows users.

    1. Install the Semgrep CLI and confirm the installation:

      # install through homebrew
      brew install semgrep

      # install through pip
      python3 -m pip install semgrep

      # confirm installation succeeded by printing the currently installed version
      semgrep --version

      Note for Homebrew users: ensure that you've added Homebrew to your PATH.

    2. Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that's returned in the CLI to proceed:

      semgrep login

    3. In the Semgrep CLI login, click Activate to proceed.

    4. Return to the CLI, navigate to the root of your repository, and run your first scan:

      semgrep ci

  5. Once you've scanned your first application, return to Semgrep AppSec Platform, and click View findings to see the security vulnerabilities in your project. Alternatively, you can view your results in Semgrep AppSec Platform's Dashboard page. For detailed information, click Code to access your SAST findings or Supply Chain to access your SCA findings.

    Info: Code is not uploaded. Only findings are sent to Semgrep AppSec Platform.
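
A preflight check for the prerequisite and install steps above, as an added example that is not part of the Semgrep documentation. The function names and the `--check` argument are this script's own (hypothetical); the version comparison is numeric so that Python 3.10 and later are not mistaken for older than 3.9.

```shell
#!/bin/sh
# Added example: preflight for the quickstart steps. Function names and the
# --check argument are this script's own, not part of the Semgrep CLI.

# version_at_least HAVE WANT
# Returns 0 if HAVE >= WANT, 1 if older, 2 if either is not MAJOR.MINOR[...].
# Compares numerically, so 3.10 is correctly newer than 3.9.
version_at_least() {
    case "$1/$2" in *.*/*.*) ;; *) return 2 ;; esac
    have_major=${1%%.*}; have_rest=${1#*.}; have_minor=${have_rest%%.*}
    want_major=${2%%.*}; want_rest=${2#*.}; want_minor=${want_rest%%.*}
    for part in "$have_major" "$have_minor" "$want_major" "$want_minor"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# preflight: check the Python 3.9+ prerequisite, then that semgrep is on PATH.
preflight() {
    if ! command -v python3 >/dev/null 2>&1; then
        echo "python3 not found on PATH" >&2; return 1
    fi
    pyver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
    if ! version_at_least "$pyver" 3.9; then
        echo "Python $pyver found; Semgrep CLI needs 3.9 or later" >&2; return 1
    fi
    if ! command -v semgrep >/dev/null 2>&1; then
        echo "semgrep not found on PATH (Homebrew users: is Homebrew on PATH?)" >&2
        return 1
    fi
    echo "ok: Python $pyver, semgrep $(semgrep --version)"
}

# Run the checks only when invoked as: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it with `--check` before `semgrep login`; a non-zero exit status means one of the quickstart's prerequisites is not met.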

Scan without a GitHub or GitLab account

If you don't have a GitHub or GitLab account, you can use semgrep scan in your CLI. See Scan your project for more details.