Prerequisites
- An understanding of secure guardrails.
- Knowledge of the basic Semgrep rule structure is helpful. See Rule syntax and Pattern syntax documentation.
- Enabling Code search (beta) is useful in verifying that your rule matches what you want it to match within your repositories.
General steps
1
Create a custom Semgrep rule.
2
Verify and test that the rule matches the code you want to detect.
3
Optional: Set the custom Semgrep rule as a secure default.
4
Deploy the rule as a guardrail in the following developer interfaces: IDE, PR or MR comments, or
pre-commit.Secure default snippet
When creating a custom secure default, you must usecategory: security and subcategory: secure default values in your rule: