Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Semgrep swiftly scans code and package dependencies for known issues, software vulnerabilities, and detected secrets. Run Semgrep in your developer environment with the IntelliJ extension to catch code issues as you type. By default, the Semgrep IntelliJ extension scans code whenever you change or open files.
INFOSemgrep’s IntelliJ extension for Windows users is currently in beta.

Prerequisites

The Semgrep IntelliJ extension communicates with Semgrep command-line interface (CLI) to run scans. Install Semgrep CLI before you can use the extension. To install Semgrep CLI: 
# For macOS
$ brew install semgrep

# For Ubuntu/Windows/Linux/macOS, using pipx (https://pipx.pypa.io/stable/how-to/install-pipx/)
$ pipx install semgrep

# Or, using uv (https://docs.astral.sh/uv/)
$ uv tool install semgrep

Quickstart

1
Install the Semgrep extension:
2
Sign in: Press Ctrl+⇧Shift+A (Windows) or ⌘Command+⇧Shift+A (macOS) and sign in to Semgrep AppSec Platform by selecting the following command:
Sign in with Semgrep
3
Test the extension by pressing Ctrl+⇧Shift+A (Windows) or ⌘Command+⇧Shift+A (macOS) and run the following command:
Scan workspace with Semgrep
4
See Semgrep findings: Hold the pointer over the code that has the red underline.
FEATURE MATURITYSemgrep’s IntelliJ extensions are currently in beta. Currently, the IntelliJ extension only supports Semgrep Community Edition (CE) - it doesn’t support Semgrep Supply Chain, Secrets, Pro rules, or Pro Engine. Please join the Semgrep community Slack workspace and let the Semgrep team know if you encounter any issues.

Supported Jet Brains products

Semgrep’s IDE extension is available in many Jet Brains products:
  • AppCode
  • Aqua
  • CLion
  • DataSpell
  • DataGrip
  • GoLand
  • IntelliJ IDEA Ultimate
  • PhpStorm
  • PyCharm Professional
  • Rider
  • RubyMine
  • RustRover
  • WebStorm
INTELLIJ EXTENSION DOES NOT SUPPORT:
  • IntelliJ IDEA Community Edition.
Semgrep does not offer an IDE integration with IntelliJ Community Edition because this version lacks support for the Language Server Protocol (LSP), which is essential for enabling Semgrep’s code scanning features. IntelliJ Ultimate, which includes LSP support, is required to use Semgrep’s IDE integration.

Commands

Run Semgrep extension commands through the IntelliJ Command Palette. You can access the Command Palette by pressing Ctrl+⇧Shift+A (Windows) or ⌘Command+⇧Shift+A (macOS) on your keyboard.
  • Sign in with Semgrep: Sign up or log in to the Semgrep AppSec Platform (this command opens a new window in your browser). Alternatively, you can log in through your command-line interface by running semgrep login.
  • Sign out of Semgrep: Log out of Semgrep AppSec Platform. If you are logged out, you lose access to Semgrep Supply Chain and Semgrep Secrets. Alternatively, you can sign out through your command-line interface by running semgrep logout.
  • Scan workspace with Semgrep: Scan files that have been changed since the last commit in your current workspace.
  • Scan workspace with Semgrep (Including Unmodified Files): Scan all files in the current workspace.
TIPYou can also click the Semgrep icon in the IntelliJ toolbar to quickly access all available commands.

Features

Automatic scanning

When you open a file, Semgrep scans it right away. Hover over a match and click the link.

Support

If you need our support, join the Semgrep community Slack workspace and tell us about any problems you encountered.

Limitations

Semgrep’s VS Code extension supports the use of Pro rules and cross-file analysis. Other IDE scans use Semgrep Community Edition (CE) for its speed, and these scans are limited to single-file analysis. As a result, you may encounter a higher rate of false positives.

License

The Semgrep IntelliJ extension is licensed under the LGPL 2.1 license.