Skip to main content

Semgrep

Semgrep is a static analysis tool designed to scan code for security vulnerabilities and code quality issues..

Files

Semgrep will run on the following files and extensions:

  • Apex
  • Bash
  • .c
  • .cpp
  • .cs
  • .clj
  • .dart
  • Dockerfile
  • .ex
  • .html
  • .go
  • .java
  • .js
  • .jsx
  • .json
  • .jl
  • .jsonnet
  • .kt
  • .kts
  • Lisp
  • .lua
  • .ml
  • .php
  • .py
  • .r
  • .rb
  • .rs
  • .scala
  • Scheme
  • .sol
  • .swift
  • .tf
  • .ts
  • .tsx
  • .yaml
  • .xml
  • ERB
  • Jinja

Configuration

Semgrep uses a YAML style configuration file.

Semgrep supports the following config files:

  • User-defined config file set at reviews.tools.semgrep.config_file in your project's .coderabbit.yaml file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.