Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

To scan your repository with all of the rules available in the Semgrep Registry, navigate to the root of your repository and run: 
semgrep --config=r/all .
If you are not logged in, --config=r/all runs all public rules from the Semgrep Registry, including community-authored rules. If you are logged in, --config=r/all runs all public rules from the Semgrep Registry, including community-authored rules, plus:
  • Your organization’s private rules in the Registry, excluding unlisted private rules
    • This excludes unlisted private rules
  • Semgrep Pro rules, if you have a Team or Enterprise subscription
WARNINGRunning all rules is likely to produce many findings and generate noise in the form of false positives.

Error: “invalid configuration file found”

If you encounter the following error, there is a syntax error in one of your custom rules. 
[ERROR] invalid configuration file found (1 configs were invalid)
To work around this error, while you correct the issues in the affected configuration file, run: 
semgrep --config r/all . -d
semgrep --config ~/.semgrep/semgrep_rules.json .
The first command creates a cache of rules in semgrep_rules.json within the .semgrep directory in your home folder that omits the invalid rule. The second command runs a Semgrep scan using the local rule cache.