PREREQUISITE: At least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See Scan third-party dependencies.

The Advisories page lets you view the vulnerability announcements relevant to your Semgrep organization. These are typically, but not always, associated with a Common Vulnerabilities and Exposures (CVE) number. This page also helps you identify all findings related to a given advisory.

View advisories

To see the advisories relevant to your Semgrep organization:

You can use the filters available to narrow down the results displayed:

| Filter | Description |
| --- | --- |
| | The title of the advisory or its associated CVE. |
| Language | The language for which the advisory is applicable. |
| Severity | The severity of the findings relevant to the advisory. |
| Analysis type | The reachability type of the findings relevant to the advisory. |

Advisory details

For each advisory listed, you can click the entry to view additional details, including:
  • A description
  • Reference links
  • The rule Semgrep uses to match your code
  • Affected projects

Identify findings associated with an advisory

You can use the Advisories page to see if any of your projects are affected by a specific incident:
3. Using the filter, provide the relevant CVE or keywords.
4. Click the advisory in the results list to open up the Details dialog.
5. Go to Affected projects.
For each of the advisory's affected projects, Semgrep displays the number of relevant findings on each of the project's branches. Clicking the displayed number takes you to the Findings page, where you can see in-depth information about each issue.