Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

This page provides step-by-step instructions on enabling and running an AI-powered scan. For details on what AI-powered detection can uncover, known limitations, and beta considerations, see AI-powered detection overview.

Prerequisites

To run Semgrep Code’s AI-powered detection, ensure that you meet the following requirements:

Enable or disable AI-powered detection

This feature is enabled by default for all Semgrep Multimodal users. To enable or disable AI-powered detection in Semgrep AppSec Platform, go to Settings > Code and then toggle AI-powered scanning on or off.

Scan with AI-powered detection

1
Log in to Semgrep AppSec Platform.
2
In the navigation bar, click on Projects.
To scan the default or main branch:
1
Choose the projects by selecting the checkboxes next to their names. This enables the Run a new scan drop-down menu.
2
Click Run a new scan > AI-powered detection.
3
A dialog appears that displays the number of projects that were selected for scanning. Click Scan to begin.
  • If you would like Semgrep to automatically perform an AI scan on these projects every week, select Enable weekly scans.
To scan a non-default branch:
1
Click Details for your project of interest. On the project’s Details page, click Run a new scan and choose AI-powered detection.
2
In the dialog, enter the name of the branch you want to scan.

View findings

Findings generated by AI-powered detection scans are part of Semgrep Code findings and are listed on the Code page. You can use the filters icon to filter for AI-powered scan findings. The findings card indicates whether a finding was detected by an AI-powered scan or a Rule-based scan.

Add additional context to AI-powered detection scans

INFOOnly Admins can upload context documents to Semgrep projects.
By uploading project-specific context such as design documents, threat models, or instructional markdown, you can provide additional information for Semgrep to use during AI-powered scans. This enables Semgrep to show higher-impact findings and reduce false positives based on how your application is designed and used. To upload a project-specific context document:
1
Log in to Semgrep AppSec Platform.
2
In the navigation bar, go to Rules & Policies > Memories.
3
Go to the Documents tab and click Add document.
4
Drag the document to the File upload box or click Choose a file to select and upload your context document.Optionally: Add a Description of the document. This information will be used as additional context for AI-powered detection scans.
The finding Details page references the uploaded context document under the finding description. For an in-depth understanding of how AI-powered detection works, see AI-powered detection: concepts, limitations, and FAQs.