Semgrep
Semgrep is a fast, open source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.
Prerequisite: Make sure you have set up an account in Semgrep or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Semgrep from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable.
Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
SemgrepAppToken | String | App token of Semgrep. If it is provided, this token will be used, otherwise it will be picked from Global Secret. |
PrefixAppNameInSemgrepBranchName | Bool | Enter either |
UseCommitAsSemgrepBranchName | Bool | Enter either |
SemgrepAppName | String | App name for Semgrep. If it is provided, and |
ExtraCommandArguments | String | Extra command arguments for Semgrep CI command. E.g., Input: --json --dry-run. |
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.