From 53d3c60005c405f6c7f5000c5f3fb8c1d870d803 Mon Sep 17 00:00:00 2001 From: alex <alex@coderabbit.ai> Date: Mon, 14 Oct 2024 10:22:56 -0400 Subject: [PATCH 1/5] update semgrep config with full details --- docs/tools/semgrep.md | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/docs/tools/semgrep.md b/docs/tools/semgrep.md index 7aca24ab..b6306da9 100644 --- a/docs/tools/semgrep.md +++ b/docs/tools/semgrep.md @@ -4,21 +4,43 @@ sidebar_label: Semgrep description: CodeRabbit's guide to Semgrep. --- -[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code for security vulnerabilities and code quality issues.. +[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code +for security vulnerabilities and code quality issues. + +## Configuration + +Semgrep uses a YAML style configuration file. + +> Due to licensing it doesn't ship with the +> [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules), +> but you're free to use these in your own project. + +Semgrep supports the following config files: + +- User-defined config file set at `reviews.tools.semgrep.config_file` in your + project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → + Config File" field in CodeRabbit's settings page. + +> **NOTE: If you do not set a config file in your `.coderabbit.yaml` or config +> UI then semgrep will not be run.** + +## Links + +- [Semgrep Cli Reference](https://semgrep.dev/docs/cli-reference) ## Files Semgrep will run on the following files and extensions: - `Apex` -- `Bash` +- `Bash` - `.c` - `.cpp` - `.cs` - `.clj` - `.dart` - `Dockerfile` -- `.ex` +- `.ex` - `.html` - `.go` - `.java` @@ -36,7 +58,7 @@ Semgrep will run on the following files and extensions: - `.py` - `.r` - `.rb` -- `.rs` +- `.rs` - `.scala` - `Scheme` - `.sol` 
@@ -48,15 +70,3 @@ Semgrep will run on the following files and extensions: - `.xml` - `ERB` - `Jinja` - -## Configuration - -Semgrep uses a YAML style configuration file. - -Semgrep supports the following config files: - -- User-defined config file set at `reviews.tools.semgrep.config_file` in your project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page. - -## Links - -- [Semgrep Cli Reference](https://semgrep.dev/docs/cli-reference) From 3fab5190b224007e98e0f8f548803d88196a1b6c Mon Sep 17 00:00:00 2001 From: alex <alex@coderabbit.ai> Date: Mon, 14 Oct 2024 10:26:40 -0400 Subject: [PATCH 2/5] move notes around --- docs/tools/semgrep.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/tools/semgrep.md b/docs/tools/semgrep.md index b6306da9..bb304068 100644 --- a/docs/tools/semgrep.md +++ b/docs/tools/semgrep.md @@ -11,18 +11,19 @@ for security vulnerabilities and code quality issues. Semgrep uses a YAML style configuration file. -> Due to licensing it doesn't ship with the -> [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules), -> but you're free to use these in your own project. - Semgrep supports the following config files: - User-defined config file set at `reviews.tools.semgrep.config_file` in your project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page. -> **NOTE: If you do not set a config file in your `.coderabbit.yaml` or config -> UI then semgrep will not be run.** +> Due to licensing it doesn't ship with the +> [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules), +> but you're free to use these in your own project. + +> **NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep +> config file. In addition you must also define the path to this file in +> `.coderabbit.yaml` or config UI.** ## Links 
From e7b92fc4537bdf700e3adcc487f1d52bcbdcce54 Mon Sep 17 00:00:00 2001 From: alex <alex@coderabbit.ai> Date: Mon, 14 Oct 2024 10:51:55 -0400 Subject: [PATCH 3/5] add link to semgrep rules docs --- docs/tools/semgrep.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/tools/semgrep.md b/docs/tools/semgrep.md index bb304068..fc3a65ff 100644 --- a/docs/tools/semgrep.md +++ b/docs/tools/semgrep.md @@ -19,7 +19,7 @@ Semgrep supports the following config files: > Due to licensing it doesn't ship with the > [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules), -> but you're free to use these in your own project. +> but you're free to use these in your own `semgrep.yml` config file. > **NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep > config file. In addition you must also define the path to this file in @@ -27,7 +27,8 @@ Semgrep supports the following config files: ## Links -- [Semgrep Cli Reference](https://semgrep.dev/docs/cli-reference) +- [Semgrep CLI Reference](https://semgrep.dev/docs/cli-reference) +- [Writing Semgrep Rules for Config Files](https://semgrep.dev/docs/running-rules) ## Files From 932ef6b0f56e41546b50480f2dff73f6ddeb5c37 Mon Sep 17 00:00:00 2001 From: alex <alex@coderabbit.ai> Date: Mon, 14 Oct 2024 10:52:46 -0400 Subject: [PATCH 4/5] english fix --- docs/tools/semgrep.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tools/semgrep.md b/docs/tools/semgrep.md index fc3a65ff..b69da44c 100644 --- a/docs/tools/semgrep.md +++ b/docs/tools/semgrep.md 
@@ -17,7 +17,7 @@ Semgrep supports the following config files: project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page. -> Due to licensing it doesn't ship with the +> Due to licensing CodeRabbit does not ship with the > [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules), > but you're free to use these in your own `semgrep.yml` config file. From 369d0bf1751adfa39ba083bf57108a48916284d7 Mon Sep 17 00:00:00 2001 From: alex <alex@coderabbit.ai> Date: Mon, 14 Oct 2024 12:06:26 -0400 Subject: [PATCH 5/5] adding notes on default semgrep config file names --- docs/tools/semgrep.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/tools/semgrep.md b/docs/tools/semgrep.md index b69da44c..f3d027eb 100644 --- a/docs/tools/semgrep.md +++ b/docs/tools/semgrep.md @@ -9,7 +9,12 @@ for security vulnerabilities and code quality issues. ## Configuration -Semgrep uses a YAML style configuration file. +Semgrep uses a YAML style configuration file. By default we will automatically +use the following files if any are set in the root directory of your +repostitory. + +- `semgrep.yml` or `semgrep.yaml` +- `semgrep.config.yml` or `semgrep.config.yaml` Semgrep supports the following config files: @@ -22,8 +27,8 @@ Semgrep supports the following config files: > but you're free to use these in your own `semgrep.yml` config file. > **NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep -> config file. In addition you must also define the path to this file in -> `.coderabbit.yaml` or config UI.** +> config file. This config must use the default file names or you must define +> the path to this file in the `.coderabbit.yaml` or config UI.** ## Links
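Review bot: in the first hunk of 1/5 (the new `## Configuration` section), the intro `Semgrep supports the following config files:` is followed by a single bullet, the `reviews.tools.semgrep.config_file` setting, so "the following config files" promises a list that never comes; either reword to something like `Semgrep reads the config file set at ...` or add the other supported sources. The bold NOTE in the same hunk also writes `semgrep will not be run` in lowercase while the rest of the page uses `Semgrep`.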
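Review bot: in the `## Links` hunk of 3/5, the new entry titled `Writing Semgrep Rules for Config Files` points at `https://semgrep.dev/docs/running-rules`, whose slug is about running rules rather than writing them; confirm the URL is the page intended for rule authoring, or retitle the link to match its target.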
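Review bot: in the 4/5 hunk, `> Due to licensing CodeRabbit does not ship with the` needs a comma after `licensing`, and the unchanged third line of the quote still says `your own `semgrep.yml` config file` even though 5/5 goes on to list `semgrep.yaml`, `semgrep.config.yml` and `semgrep.config.yaml` as equally valid defaults; `your own Semgrep config file` would stay accurate for all four names.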
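Review bot: in the first hunk of 5/5, `repostitory` is misspelled (`repository`), and `if any are set in the root directory` should read `if any are present in the root directory`, since the sentence is about files existing, not a setting. Because this hunk introduces automatic detection of the default file names, the unchanged `Semgrep supports the following config files:` line that follows now describes only the explicit override; an intro such as `To use a different path, set ...` would make the relationship between the two mechanisms clear.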
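Review bot: in the second hunk of 5/5, the rewritten NOTE ends with `the path to this file in the `.coderabbit.yaml` or config UI.`; `in the `.coderabbit.yaml` file or in the config UI` reads more cleanly and matches the wording used for the same setting in the bullet above it.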