Semgrep
This feature is available exclusively as part of the Pro plan and is not included in the Lite plan. Please refer to our pricing page for more information about our plans and features.
Semgrep is a static analysis tool designed to scan code for security vulnerabilities and code quality issues.
Configuration
Semgrep uses a YAML style configuration file. By default we will automatically use the following files if any are set in the root directory of your repostitory.
semgrep.yml
orsemgrep.yaml
semgrep.config.yml
orsemgrep.config.yaml
Semgrep supports the following config files:
- User-defined config file set at
reviews.tools.semgrep.config_file
in your project's.coderabbit.yaml
file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.
Due to licensing, CodeRabbit does not ship with the community-created Semgrep rules, but you're free to use these in your own semgrep.yml
config file.
CodeRabbit will only run Semgrep if your repository contains a Semgrep config file. This config must use the default file names or you must define the path to this file in the .coderabbit.yaml
or config UI.
Links
Files
Semgrep will run on the following files and extensions:
Apex
Bash
.c
.cpp
.cs
.clj
.dart
Dockerfile
.ex
.html
.go
.java
.js
.jsx
.json
.jl
.jsonnet
.kt
.kts
Lisp
.lua
.ml
.php
.py
.r
.rb
.rs
.scala
Scheme
.sol
.swift
.tf
.ts
.tsx
.yaml
.xml
ERB
Jinja