---
title: Semgrep
sidebar_label: Semgrep
description: CodeRabbit's guide to Semgrep.
---
Semgrep is a static analysis tool designed to scan code for security vulnerabilities and code quality issues.
Semgrep uses a YAML-style configuration file.
Semgrep supports the following config files:
- User-defined config file set at `reviews.tools.semgrep.config_file` in your project's `.coderabbit.yaml` file, or by setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.
Due to licensing, CodeRabbit doesn't ship with the community-created Semgrep rules, but you're free to use them in your own project.
NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep config file. In addition, you must also define the path to this file in `.coderabbit.yaml` or in the config UI.
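The two files this setup needs, as an added example rather than content from CodeRabbit's own docs: a `.coderabbit.yaml` that points `reviews.tools.semgrep.config_file` at a rules file, and a small project-owned Semgrep rules file. The path `semgrep/rules.yaml` (assumed to be relative to the repository root) and the rule itself are constructed for illustration.

```yaml
# .coderabbit.yaml (constructed example)
# Tells CodeRabbit which Semgrep config to run; without this key Semgrep is not run.
reviews:
  tools:
    semgrep:
      config_file: semgrep/rules.yaml

# semgrep/rules.yaml (constructed example)
# A project-owned rule, since community rules are not bundled by CodeRabbit.
# It flags subprocess calls that pass shell=True, where user-controlled
# arguments would be interpreted by the shell (OS command injection risk).
rules:
  - id: python-subprocess-shell-true
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is called with shell=True. Pass the command as an
      argument list and drop shell=True so untrusted input is never parsed
      by the shell.
    # $FUNC is a Semgrep metavariable; "..." matches any other arguments
    # in any position, so call, run, Popen, check_output etc. are all covered.
    pattern: subprocess.$FUNC(..., shell=True, ...)
    metadata:
      category: security
```

Keep the rules file in the repository so the findings CodeRabbit posts on a pull request come from rules your team reviews and versions alongside the code.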
Semgrep will run on the following files and extensions:

- Apex
- Bash
- .c
- .cpp
- .cs
- .clj
- .dart
- Dockerfile
- .ex
- .html
- .go
- .java
- .js
- .jsx
- .json
- .jl
- .jsonnet
- .kt
- .kts
- Lisp
- .lua
- .ml
- .php
- .py
- .r
- .rb
- .rs
- .scala
- Scheme
- .sol
- .swift
- .tf
- .ts
- .tsx
- .yaml
- .xml
- ERB
- Jinja