update semgrep config with full details (#106)
* update semgrep config with full details

* move notes around

* add link to semgrep rules docs

* English fix

* adding notes on default semgrep config file names
alexcoderabbitai authored Oct 14, 2024

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent d96fea2 commit 097373e
Showing 1 changed file with 33 additions and 16 deletions.
49 changes: 33 additions & 16 deletions docs/tools/semgrep.md
@@ -4,21 +4,50 @@ sidebar_label: Semgrep
description: CodeRabbit's guide to Semgrep.
---

[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code for security vulnerabilities and code quality issues..
[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code
for security vulnerabilities and code quality issues.

## Configuration

Semgrep uses a YAML style configuration file. By default we will automatically
use the following files if any are set in the root directory of your
repostitory.

- `semgrep.yml` or `semgrep.yaml`
- `semgrep.config.yml` or `semgrep.config.yaml`

Semgrep supports the following config files:

- User-defined config file set at `reviews.tools.semgrep.config_file` in your
project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep →
Config File" field in CodeRabbit's settings page.

> Due to licensing CodeRabbit does not ship with the
> [community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules),
> but you're free to use these in your own `semgrep.yml` config file.
> **NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep
> config file. This config must use the default file names or you must define
> the path to this file in the `.coderabbit.yaml` or config UI.**
## Links

- [Semgrep CLI Reference](https://semgrep.dev/docs/cli-reference)
- [Writing Semgrep Rules for Config Files](https://semgrep.dev/docs/running-rules)

## Files

Semgrep will run on the following files and extensions:

- `Apex`
- `Bash`
- `Bash`
- `.c`
- `.cpp`
- `.cs`
- `.clj`
- `.dart`
- `Dockerfile`
- `.ex`
- `.ex`
- `.html`
- `.go`
- `.java`
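Review bot: the new paragraph under `## Configuration` has a typo, `repostitory` for `repository`, and "if any are set in the root directory" reads oddly for files; suggest "By default we will automatically use the following files if any of them are present in the root directory of your repository." The two quoted notes (the licensing note and the bold NOTE) have no blank `>` line between them, so Markdown renders them as a single paragraph, and `## Links` follows the quote without a blank line; insert a lone `>` between the two notes and a blank line before the heading. The `Bash` and `.ex` entries each appear as an identical removed/added pair in this hunk, which suggests a whitespace-only change; worth confirming nothing was accidentally duplicated in the list.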
@@ -36,7 +65,7 @@ Semgrep will run on the following files and extensions:
- `.py`
- `.r`
- `.rb`
- `.rs`
- `.rs`
- `.scala`
- `Scheme`
- `.sol`
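Review bot: the `.rs` entry shows as an identical removed/added pair, so this hunk looks like a whitespace or line-ending change only; if so it is harmless, but a commit that only touches whitespace in this list would be clearer as a separate formatting commit so content changes stay easy to spot.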
@@ -48,15 +77,3 @@ Semgrep will run on the following files and extensions:
- `.xml`
- `ERB`
- `Jinja`

## Configuration

Semgrep uses a YAML style configuration file.

Semgrep supports the following config files:

- User-defined config file set at `reviews.tools.semgrep.config_file` in your project's `.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.

## Links

- [Semgrep Cli Reference](https://semgrep.dev/docs/cli-reference)
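Review bot: removing the old `## Configuration` and `## Links` sections here leaves the `Jinja` entry as the last line of the file; make sure the file still ends with a single trailing newline so the list terminates cleanly. The deleted `Semgrep Cli Reference` link is re-added above with the corrected `CLI` capitalisation, which is good, but relocating and rewording the sections in one commit hides which sentences actually changed; a move-only commit followed by the wording changes would make the diff easier to review.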

0 comments on commit 097373e