PREREQUISITES
You must have Python 3.10 or later installed on the machine where the Semgrep CLI is running.
Go to Semgrep AppSec Platform, and sign up by clicking on Continue with GitHub or Continue with GitLab. Follow the on-screen prompts to grant Semgrep the necessary permissions. Provide the Organization display name you’d like to use, then click Create new organization.
When asked Where do you want to scan? click Run on CLI.
Launch your CLI, and follow the instructions on the Scan a project on your machine page. For your convenience, the same information is presented below, along with instructions for Windows users.
macOS
Linux
Windows (beta)
Docker

macOS

i. Install the Semgrep CLI and confirm the installation:
# install through homebrew
brew install semgrep
# or, install through pipx (https://pipx.pypa.io/stable/how-to/install-pipx/)
pipx install semgrep
# or, install through uv (https://docs.astral.sh/uv/)
uv tool install semgrep
# confirm installation succeeded by printing the currently installed version
semgrep --version
ii. Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that’s returned in the CLI to proceed:
iii. In the Semgrep CLI login, click Activate to proceed.
iv. Return to the CLI, navigate to the root of your project, and run your first scan:

Linux

i. Install the Semgrep CLI and confirm the installation:
# install through pipx (https://pipx.pypa.io/stable/how-to/install-pipx/)
pipx install semgrep
# or, install through uv (https://docs.astral.sh/uv/)
uv tool install semgrep
# confirm installation succeeded by printing the currently installed version
semgrep --version
ii. Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that’s returned in the CLI to proceed:
iii. In the Semgrep CLI login, click Activate to proceed.
iv. Return to the CLI, navigate to the root of your project, and run your first scan:

Windows (beta)

i. Download and install Python. Make sure to check the box to add python.exe to the PATH, otherwise you will have difficulty running Semgrep.
ii. Configure your system to run Python with UTF-8 text encodings by default. In PowerShell, run:
[System.Environment]::SetEnvironmentVariable('PYTHONUTF8', '1', 'User')
iii. Install the Semgrep CLI and confirm the installation. In PowerShell, run:
# install through pipx (https://pipx.pypa.io/stable/how-to/install-pipx/)
pipx install semgrep
# or, install through uv (https://docs.astral.sh/uv/)
uv tool install semgrep
# confirm installation succeeded by printing the currently installed version
semgrep --version
iv. Log in to your Semgrep account. Running this command launches a browser window, but you can also use the link that’s returned in the CLI to proceed:
v. In the Semgrep CLI login, click Activate to proceed.
vi. Return to the CLI, navigate to the root of your project, and run your first scan:

Docker

i. Pull the latest image and confirm the version:
docker pull semgrep/semgrep
# confirm version
docker run --rm semgrep/semgrep semgrep --version
ii. For users running Docker on macOS or Linux:
a. Log in to your Semgrep account (running this command will launch a browser window, but you can also use the link that’s returned in the CLI to proceed):
docker run -it semgrep/semgrep semgrep login
b. In the Semgrep CLI login, click Activate to proceed. Return to the CLI and copy the login token that’s shown.
c. Navigate into the root of your project, and run your first scan. Be sure to substitute YOUR_TOKEN with the login token value you copied in the previous step:
docker run -e SEMGREP_APP_TOKEN=YOUR_TOKEN --rm -v "${PWD}:/src" semgrep/semgrep semgrep ci
The provided -v option mounts the current directory into the container to be scanned. Navigate into a different project or provide a specific local directory in the command to scan a different project.
iii. For users running Docker on Windows:
a. Log in to your Semgrep account (running this command will launch a browser window, but you can also use the link that’s returned in the CLI to proceed):
docker run -it semgrep/semgrep semgrep login
b. In the Semgrep CLI login, click Activate to proceed. Return to the CLI, and copy the login token that’s shown.
c. Navigate into the root of your project, and run your first scan. Be sure to substitute YOUR_TOKEN with the login token value you copied in the previous step:
docker run -e SEMGREP_APP_TOKEN=YOUR_TOKEN --rm -v "%cd%:/src" semgrep/semgrep semgrep ci
The provided -v option mounts the current directory into the container to be scanned. Navigate into a different project or provide a specific local directory in the command to scan a different project.

Once you’ve scanned your first application, return to Semgrep AppSec Platform to see the security vulnerabilities in your project. For detailed information, click Code to access your SAST findings or Supply Chain to access your SCA findings.

INFO
Code is not uploaded. Only findings are sent to Semgrep AppSec Platform.
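For the Docker scan on macOS or Linux, the following wrapper is an added example, not part of the Semgrep documentation: it runs the same `semgrep ci` container but keeps the login token out of the command line. The function names `read_token` and `scan_project` and the `DOCKER` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the Semgrep docs. Typing
#   docker run -e SEMGREP_APP_TOKEN=YOUR_TOKEN ...
# leaves the token in shell history and in the process list. Passing
# "-e SEMGREP_APP_TOKEN" with no "=value" makes Docker copy the variable
# from the caller's environment instead.

# Prompt for the token without echoing it (interactive terminals only).
read_token() {
    [ -t 0 ] || { echo "no terminal; export SEMGREP_APP_TOKEN instead" >&2; return 2; }
    printf 'Semgrep login token: ' >&2
    stty -echo
    IFS= read -r SEMGREP_APP_TOKEN
    stty echo
    printf '\n' >&2
}

# Scan directory $1 (default: current directory) with the semgrep/semgrep image.
# DOCKER is an assumed override for the docker binary, useful for dry runs.
scan_project() {
    src="${1:-$PWD}"
    if [ -z "${SEMGREP_APP_TOKEN:-}" ]; then
        echo "SEMGREP_APP_TOKEN is not set; call read_token first" >&2
        return 2
    fi
    if [ ! -d "$src" ]; then
        echo "not a directory: $src" >&2
        return 2
    fi
    src="$(cd "$src" && pwd)"    # bind mounts need an absolute path
    export SEMGREP_APP_TOKEN     # visible to docker, absent from argv
    "${DOCKER:-docker}" run --rm -e SEMGREP_APP_TOKEN \
        -v "${src}:/src" semgrep/semgrep semgrep ci
}
```

Source the file, call `read_token`, then `scan_project` from the project root; setting `DOCKER=echo` prints the command that would run without starting a container.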
Scan without a GitHub or GitLab account
If you don’t have a GitHub or GitLab account, you can use semgrep scan in your CLI. See Scan your project for more details.