Set up Semgrep Supply Chain for your infrastructure

YOUR DEPLOYMENT JOURNEY

You have gained the necessary resource access and permissions required for deployment.
You have created a Semgrep account and organization.
For GitHub and GitLab users: You have connected your source code manager.
Optionally, you have set up SSO.
You have successfully added a Semgrep job to your CI workflow.

Semgrep Supply Chain performs software composition analysis with reachability. Scanning third-party code with Semgrep Supply Chain may require additional steps, such as generating a manifest file or lockfile that it can parse in continuous integration (CI). The documents in this category describe how to set up Semgrep Supply Chain for specific manifest files, lockfiles, or CI providers, to ensure that your Semgrep Supply Chain deployment functions as intended.

	Issue	Solution
Maven	Semgrep Supply Chain requires a dependency tree to detect packages.	Generate a dependency tree using `mvn` by following the steps in Setting up Semgrep Supply Chain with Apache Maven.

Configure blocking findings Apache Maven

⌘I

Documentation Index