# OpenGrep

> CodeRabbit's guide to OpenGrep.

[OpenGrep](https://github.com/opengrep/opengrep) is a high-performance static code analysis engine for finding security vulnerabilities and bugs across many languages. It is compatible with Semgrep configurations, so you can use existing Semgrep rule sets. CodeRabbit runs OpenGrep version 1.21.0.

## Files

OpenGrep runs on files with the following extensions:

* **C/C++**: `.c`, `.cpp`, `.cc`, `.cxx`, `.c++`, `.h`, `.hpp`, `.hh`, `.hxx`, `.h++`
* **C#**: `.cs`
* **Go**: `.go`
* **Java**: `.java`
* **JavaScript/TypeScript**: `.js`, `.jsx`, `.ts`, `.tsx`
* **Kotlin**: `.kt`, `.kts`
* **Python**: `.py`
* **Ruby**: `.rb`
* **Rust**: `.rs`
* **PHP**: `.php`
* **Scala**: `.scala`
* **Swift**: `.swift`
* **Terraform**: `.tf`
* **JSON**: `.json`

## Configuration

OpenGrep is **Semgrep-compatible**. CodeRabbit looks for a config file in this order:

* `opengrep.yml`
* `opengrep.yaml`
* `opengrep.config.yml`
* `opengrep.config.yaml`
* `semgrep.yml`
* `semgrep.yaml`
* `semgrep.config.yml`
* `semgrep.config.yaml`

Search starts in the repository root and in PR-changed files, then falls back to a broader repository search. If no config file is found, CodeRabbit writes a temporary fallback config based on the selected review profile.

## When we skip OpenGrep

CodeRabbit skips OpenGrep when:

* OpenGrep is disabled in your CodeRabbit configuration.
* No files in the pull request match the supported extensions.
* OpenGrep is already running in GitHub workflows.

## Links

* [OpenGrep GitHub](https://github.com/opengrep/opengrep)
* [Semgrep rule syntax](https://semgrep.dev/docs/writing-rules/rule-syntax/) (OpenGrep is compatible)
