
Semgrep

Semgrep is a pattern-matching tool for application code bases. It is strongly security oriented and integrates with CI/CD pipeline tools.

Semgrep CLI

Install the CLI tool

Bash
python3 -m pip install semgrep

Use the CLI

Text Only
# Local scan auto configuration
semgrep --config=auto .
# Docker run with auto configuration
docker run --rm -v "${PWD}:/src" returntocorp/semgrep --config=auto

Rules packages

The Semgrep community releases many rule packages, which are available in the Semgrep public registry.

AppSec

Containers
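Registry packages are collections of rule files like the one below. This is an added example, not a rule from the page or from the Semgrep project: it flags `subprocess` calls that run through a shell with a command that is not a plain string literal, which is a common source of OS command injection. The rule id, the file names and the sample target lines are constructed for illustration.

```yaml
# Constructed example rule (not from the page or the Semgrep project):
# report subprocess.* calls with shell=True whose command is not a literal.
rules:
  - id: example-subprocess-shell-true-dynamic-command   # constructed id
    languages: [python]
    severity: ERROR
    message: >-
      subprocess.$FUNC is called with shell=True and a command that is not a
      string literal. Pass an argument list and drop shell=True so that
      untrusted input is never interpreted by the shell.
    patterns:
      # any subprocess.<call>(..., shell=True, ...)
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # ... unless the command is a hard-coded string literal
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"

# Expected behaviour on a constructed target file (app.py):
#   subprocess.run("ls -l", shell=True)            -> no finding (literal)
#   subprocess.run("ls " + user_dir, shell=True)   -> finding
#   subprocess.call(cmd, shell=True)               -> finding
#   subprocess.run(["ls", user_dir])               -> no finding (no shell)
#
# Run it locally with:  semgrep --config rule.yml app.py
```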

Component configuration

Ignore

To exclude files from the analysis, create a .semgrepignore file; it uses the same pattern syntax as .gitignore.