๐๏ธ Semgrep with self-hosted Ubuntu runners in Azure Pipelines
Run Semgrep on self-hosted Ubuntu runners in Azure DevOps.
๐๏ธ Running Semgrep using templates in Azure Pipelines
Running Semgrep commands in Azure Pipelines templates.
๐๏ธ Run Semgrep in Jenkins when using Bitbucket as the source code manager
To scan your code hosted by Bitbucket with Semgrep using a Jenkins project or pipeline, you must:
๐๏ธ Semgrep in CI vs CLI: align your SAST scan results and understand differences
How to align your scan results between CI and CLI and understand differences in behavior.
๐๏ธ Collecting Semgrep GitHub Actions logs from GitHub
Collect logs from GitHub Actions to troubleshoot Semgrep CI scans.
๐๏ธ GitLab "Job's log exceeded limit" error
Collect verbose logs from GitLab to troubleshoot Semgrep CI scans.
๐๏ธ Failed to run a git command during a pull request or merge request scan
When running Semgrep in CI with a pull request or merge request as the triggering event, Semgrep runs some additional git commands to determine the behavior for the scan. The scan exits with an error if these commands fail. A message like the following shows in the output:
๐๏ธ Use GitHub repository rulesets to implement Semgrep
Set up GitHub repository rulesets to implement Semgrep scans across many repositories in an organization.
๐๏ธ Set up reusable GitHub workflows for Semgrep scans
Learn how to set up reusable GitHub workflows for Semgrep scans.
๐๏ธ Why aren't findings populating in the GitHub Advanced Security Dashboard after running Semgrep in CI?
To prevent "resource not accessible by integration" error when running job to upload findings to GitHub's Advanced Security Dashboard
๐๏ธ Scan with GitHub and Jenkins
Set up full and diff-aware scans in Jenkins with Multibranch Pipeline projects.
๐๏ธ Create a Jenkins Shared Library for use with Semgrep scans
Create a Jenkins Shared Library for use with Semgrep scans
๐๏ธ Receive Semgrep MR comments through a GitLab runner
Set additional environment variables to receive Semgrep MR comments through a GitLab runner.
๐๏ธ Why are there new source code manager (SCM) connections that I didn't manually configure listed in Semgrep AppSec Platform?
Learn why there are new SCMs listed in Semgrep AppSec Platform.
๐๏ธ Does Semgrep scan compressed files or other non-code files?
Options to scan compressed files or other artifacts with Semgrep.
๐๏ธ Scanning a monorepo in parts
How to scan a monorepo in parts for better CI performance and clearer findings organization
๐๏ธ Add Semgrep to your Semaphore pipeline
Learn how to add Semgrep to your Semaphore pipeline
๐๏ธ How to trigger diff-aware scans
Learn how to run a diff-aware scan.
๐๏ธ Upload Semgrep CI findings to GitHub Advanced Security Dashboard
This document shows an sample job configuration that uploads your Semgrep findings to GitHub Advanced Security Dashboard. See GitHub Actions for information on adding a Semgrep configuration file to your GitHub Actions pipeline.
๐๏ธ Upload Semgrep CI findings to GitLab Security Dashboard
This document shows an sample job configuration that uploads your Semgrep findings to GitLab Security Dashboard. See GitLab CI/CD for information on adding a Semgrep configuration file to your GitLab CI/CD pipeline.
๐๏ธ Configure GitHub Actions to use the nonroot Semgrep docker image
How to properly configure your GitHub Actions workflow to use the `nonroot` Semgrep docker image
๐๏ธ Why are duplicate findings appearing after running Semgrep in CI?
To prevent duplicated findings, perform full scans only on the main branch of your repository.