Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

If you have a .semgrepignore file and aren’t seeing the results you expect, you may be seeing the effect of changes in Semgrep 1.117.0 and later. Starting with Semgrep 1.117.0, the Semgrepignore specification has changed to better align with Git and Gitignore and to offer more flexibility. The new specification is referred to as Semgrepignore v2.

Requirements for Semgrepignore v2

If you’re using Git

Place the .semgrepignore file in root of the Git project (preferred) or in any folder in the project where you want to consistently ignore some files. .semgrepignore files follow the same specification as .gitignore files, which they extend.

If you’re not using Git

Place the .semgrepignore file in the folder passed on the semgrep scan command line. For example, if the command is semgrep scan foo/, and the .semgrepignore file is in the current directory, move the .semgrepignore file from the current directory to foo/.semgrepignore.

Best practices

  • When scanning a whole project, run semgrep from the project root.
  • Place a .semgrepignore file at the project root.
  • Optionally, place .semgrepignore files in subfolders so as to keep the exclusion patterns simple and to allow moving these subfolders around without having to edit the file exclusion patterns.
  • Refer to the Gitignore specification for the precise syntax and usage of .semgrepignore files.