This document shows you how to add Semgrep to Semaphore. In Semaphore:

1. Create a secret with your SEMGREP_APP_TOKEN.
2. Open the YAML pipeline for your project using the Visual Editor.
3. Click +Add Block.
4. Expand Jobs, and add the following commands to perform a full scan:

       checkout
       pipx install semgrep
       semgrep ci

5. Enable the secret that you created in Step 1. To do this, expand Secret, and select SEMGREP_APP_TOKEN.
6. Click Run the workflow, provide a Commit summary, and click Looks good, Start to save your changes and run the pipeline job.

Sample Semaphore configuration snippet

The following configuration creates a block with two CI jobs, a full scan and a diff-aware scan, that run using the products and options you have enabled in Semgrep AppSec Platform.
version: v1.0
name: Semaphore Semgrep Example
agent:
  machine:
    type: f1-standard-2
    os_image: ubuntu2204
blocks:
  - name: Semgrep
    task:
      jobs:
        # Job performing a full scan
        - name: Semgrep Full Scan
          commands:
            - checkout
            - pipx install semgrep
            - semgrep ci
        # Job performing a diff scan for PR/branches
        - name: Semgrep Diff-aware Scan
          commands:
            - checkout
            - export SEMGREP_BRANCH=$SEMAPHORE_GIT_BRANCH
            # The baseline must be a commit to compare against, not the commit
            # being scanned (SEMAPHORE_GIT_SHA): with that as the baseline there
            # is no diff and no new findings are reported. Use the merge base with
            # the branch the change targets (main here; replace with your target
            # branch) and fetch enough history for git merge-base to resolve it.
            - git fetch origin main
            - export SEMGREP_BASELINE_COMMIT=$(git merge-base FETCH_HEAD HEAD)
            - pipx install semgrep
            - semgrep ci
      # Attach the secret created in step 1; it provides SEMGREP_APP_TOKEN to both jobs
      secrets:
        - name: SEMGREP_APP_TOKEN
You can limit a run to a specific product by passing an argument to semgrep ci, such as --supply-chain. View the list of arguments.