Semgrep is a popular open-source static analysis tool that scans source code in many languages, as well as secrets, infrastructure-as-code, and other checks. It is good at finding common coding errors.
Security Stage | SAST (static code analysis)
Type | Open Source
Languages | Java, Python, C#, JavaScript/TypeScript, YAML, Docker, CloudFormation, Kubernetes, Terraform, Scala, Ruby, Go, and more
Site | https://semgrep.dev/
Pre-requisite
1. You'll need a Git repository address to scan.
How do I set it up?
Adding Semgrep to your set of security tests is simple.
Now, any time you click 'Test Now' and select a ToolKit that includes Semgrep, or make a request over the Uleska API or CLI that includes that ToolKit, Semgrep is run as part of the test and any findings are added to your vulnerabilities list.
Notes
Configuration of profiles, test IDs, and levels is not currently supported but will be included in a future release.