Use Ctrl+⇧Shift+P or ⌘Command+⇧Shift+P (macOS) to launch the Command Palette, and run the following to sign in to Semgrep AppSec Platform:
Semgrep: Sign in
You can use the extension without signing in, but signing in gives better results because you benefit from Semgrep Code and its Pro rules.
3. Launch the Command Palette using Ctrl+⇧Shift+P or ⌘Command+⇧Shift+P (macOS), and scan your files by running:
Semgrep: Scan all files in workspace
4. To see detailed vulnerability information, hover over the code underlined in yellow. You can also see the findings identified by Semgrep using ⇧Shift+Ctrl+M or ⌘Command+⇧Shift+M (macOS) and opening the Problems tab.
In IntelliJ: Settings/Preferences > Plugins > Marketplace > Search for semgrep-intellij > Install. You may need to restart IntelliJ for the Semgrep extension to be installed.
2. Sign in: Press Ctrl+⇧Shift+A (Windows) or ⌘Command+⇧Shift+A (macOS) and sign in to Semgrep AppSec Platform by selecting the following command:
Sign in with Semgrep
3. Test the extension by pressing Ctrl+⇧Shift+A (Windows) or ⌘Command+⇧Shift+A (macOS) and running the following command:
Scan workspace with Semgrep
4. See Semgrep findings: Hold the pointer over the code that has the red underline.
FEATURE MATURITY
Semgrep’s IntelliJ extensions are currently in beta. Currently, the IntelliJ extension only supports Semgrep Community Edition (CE) - it doesn’t support Semgrep Supply Chain, Secrets, Pro rules, or Pro Engine. Please join the Semgrep community Slack workspace and let the Semgrep team know if you encounter any issues.
Semgrep’s VS Code extension supports the use of Pro rules and cross-file analysis. Other IDE scans use Semgrep Community Edition (CE) for its speed, and these scans are limited to single-file analysis. As a result, you may encounter a higher rate of false positives.