Documentation Index
Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
Use this file to discover all available pages before exploring further.
| Channel | Semgrep Code | Semgrep Supply Chain | Semgrep Secrets |
|---|---|---|---|
| Slack | Integrate with Semgrep through Settings > Integrations. Customize through rule modes in Policies page. | Integrate with Semgrep through Settings > Integrations. Limited customizability; configured by default to send notifications on reachable findings | Integrate with Semgrep through Settings > Integrations. Customize through policies in Policies page |
| Integrate with Semgrep through Settings > Integrations. Customize through rule modes in Policies page. | Not available | Not available | |
| Webhooks | Integrate with Semgrep through Settings > Integrations. Customize through rule modes in Policies page. | Not available | Not available |
Semgrep Code rule modes define workflow actions (Monitor, Comment, or Block) that Semgrep Code performs when a rule detects a finding. In addition to these workflow actions, you can also configure Semgrep to send notifications on any rule mode.
Click to expand table of rule modes
Click to expand table of rule modes
| Rule mode | Description |
|---|---|
| Monitor | Rules in Monitor mode display findings only in: • Semgrep AppSec Platform • For Semgrep Code and Supply Chain: User-defined notifications Set rules to this mode to evaluate their true positive rate and other criteria you may have. By keeping rules in Monitor, developers do not receive potentially noisy findings in their PRs or MRs. |
| Comment | Rules in Comment mode display findings in: • Developers’ PRs or MRs • Semgrep AppSec Platform • For Semgrep Code and Supply Chain: User-defined notifications Set rules that have met your performance criteria to this mode when you are ready to display findings to developers. |
| Block | Rules in Block mode cause the scan job to fail with an exit code of 1 if Semgrep Secrets detects a finding from these rules. You can use this result to enforce a block on the PR or MR. For example, GitHub users can enable branch protection and set the PR to fail if the Semgrep step fails.These rules display findings in: • Developers’ PRs or MRs • Semgrep AppSec Platform • For Semgrep Code and Supply Chain: User-defined notifications These are typically high-confidence, high-severity rules. |
View integrations
To view all integrations available to you in Semgrep AppSec Platform, follow these steps:Sign in to your Semgrep AppSec Platform account.