# OpenGrep

> CodeRabbit's guide to OpenGrep.

[OpenGrep](https://github.com/opengrep/opengrep) is a high-performance static code analysis engine for finding security vulnerabilities and bugs across many languages. It is compatible with Semgrep configurations, so you can use existing Semgrep rule sets.

## Files

OpenGrep runs on files with the following extensions:

* **C/C++**: `.c`, `.cpp`, `.cc`, `.cxx`, `.c++`, `.h`, `.hpp`, `.hh`, `.hxx`, `.h++`
* **C#**: `.cs`
* **Go**: `.go`
* **Java**: `.java`
* **JavaScript/TypeScript**: `.js`, `.jsx`, `.ts`, `.tsx`
* **Kotlin**: `.kt`
* **Python**: `.py`
* **Ruby**: `.rb`
* **Rust**: `.rs`
* **PHP**: `.php`
* **Scala**: `.scala`
* **Swift**: `.swift`
* **Terraform**: `.tf`
* **JSON**: `.json`

## Configuration

OpenGrep is **Semgrep-compatible**. CodeRabbit looks for a config file in this order:

* `opengrep.yml`
* `opengrep.yaml`
* `opengrep.config.yml`
* `opengrep.config.yaml`
* `semgrep.yml`
* `semgrep.yaml`
* `semgrep.config.yml`
* `semgrep.config.yaml`

Search starts in the repository root and in PR-changed files, then falls back to a broader repository search. If no config file is found, CodeRabbit writes a temporary fallback config based on the selected review profile.
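
A minimal `opengrep.yml` for the repository root, written in Semgrep rule syntax, shows what such a config file can contain. This is an added example, not taken from CodeRabbit's or OpenGrep's own rule sets; the rule ids, messages, and the test-file exclusion are constructed for illustration.

```yaml
# opengrep.yml (constructed example; rule ids and messages are illustrative)
rules:
  # Flag subprocess calls that go through a shell with a non-literal command.
  - id: example-python-subprocess-shell-true
    languages: [python]
    severity: ERROR
    message: >-
      subprocess call with shell=True and a non-literal command.
      Pass an argument list and drop shell=True so input is not
      interpreted by the shell.
    metadata:
      cwe: "CWE-78"
    paths:
      exclude:
        - "test_*.py"   # assumption: test files follow this naming scheme
    patterns:
      - pattern-either:
          - pattern: subprocess.run(..., shell=True, ...)
          - pattern: subprocess.call(..., shell=True, ...)
          - pattern: subprocess.Popen(..., shell=True, ...)
      # A hard-coded string command is lower risk; do not report it.
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)

  # Flag eval() on anything other than a string literal.
  - id: example-js-eval-non-literal
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      eval() called with a non-literal argument. Parse the data
      (for example with JSON.parse) instead of evaluating it.
    metadata:
      cwe: "CWE-95"
    patterns:
      - pattern: eval($CODE)
      - pattern-not: eval("...")
```

Both rules target languages whose extensions appear in the supported list above (`.py`, `.js`, `.jsx`, `.ts`, `.tsx`).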

## When we skip OpenGrep

CodeRabbit skips OpenGrep when:

* OpenGrep is disabled in your CodeRabbit configuration.
* No files in the pull request match the supported extensions.
* OpenGrep is already running in GitHub workflows.

## Links

* [OpenGrep GitHub](https://github.com/opengrep/opengrep)
* [Semgrep rule syntax](https://semgrep.dev/docs/writing-rules/rule-syntax/) (OpenGrep is compatible)
