This repository was archived by the owner on Aug 16, 2025. It is now read-only.

Commit 097373e

update semgrep config with full details (#106)
* update semgrep config with full details
* move notes around
* add link to semgrep rules docs
* english fix
* adding notes on default semgrep config file names

1 parent d96fea2, commit 097373e

1 file changed: +33 -16 lines changed


‎docs/tools/semgrep.md‎

Lines changed: 33 additions & 16 deletions
Original file line number | Diff line number | Diff line change
@@ -4,21 +4,50 @@ sidebar_label: Semgrep
44
description:CodeRabbit's guide to Semgrep.
55
---
66

7-
[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code for security vulnerabilities and code quality issues..
7+
[Semgrep](https://semgrep.dev/) is a static analysis tool designed to scan code
8+
for security vulnerabilities and code quality issues.
9+
10+
##Configuration
11+
12+
Semgrep uses a YAML style configuration file. By default we will automatically
13+
use the following files if any are set in the root directory of your
14+
repostitory.
15+
16+
-`semgrep.yml` or`semgrep.yaml`
17+
-`semgrep.config.yml` or`semgrep.config.yaml`
18+
19+
Semgrep supports the following config files:
20+
21+
- User-defined config file set at`reviews.tools.semgrep.config_file` in your
22+
project's`.coderabbit.yaml` file or setting the "Review → Tools → Semgrep →
23+
Config File" field in CodeRabbit's settings page.
24+
25+
>Due to licensing CodeRabbit does not ship with the
26+
>[community-created Semgrep rules](https://github.com/returntocorp/semgrep-rules),
27+
>but you're free to use these in your own`semgrep.yml` config file.
28+
29+
>**NOTE: CodeRabbit will only run Semgrep if your repository contains a Semgrep
30+
>config file. This config must use the default file names or you must define
31+
>the path to this file in the`.coderabbit.yaml` or config UI.**
32+
33+
##Links
34+
35+
-[Semgrep CLI Reference](https://semgrep.dev/docs/cli-reference)
36+
-[Writing Semgrep Rules for Config Files](https://semgrep.dev/docs/running-rules)
837

938
##Files
1039

1140
Semgrep will run on the following files and extensions:
1241

1342
-`Apex`
14-
-`Bash`
43+
-`Bash`
1544
-`.c`
1645
-`.cpp`
1746
-`.cs`
1847
-`.clj`
1948
-`.dart`
2049
-`Dockerfile`
21-
-`.ex`
50+
-`.ex`
2251
-`.html`
2352
-`.go`
2453
-`.java`
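Review bot: "repostitory" in the new Configuration paragraph (new line 14) is a typo for "repository". The same paragraph lists four default file names but does not say which one is used when more than one exists in the root, or whether `reviews.tools.semgrep.config_file` takes precedence over them; one sentence on precedence would settle that. The sentence "Semgrep supports the following config files:" is kept verbatim after the defaults list and now introduces only the user-defined option, so it reads as if the default names were not supported; consider rewording it to introduce the custom path specifically. In Links, the label "Writing Semgrep Rules for Config Files" points at `https://semgrep.dev/docs/running-rules`, so label and target disagree.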
@@ -36,7 +65,7 @@ Semgrep will run on the following files and extensions:
3665
-`.py`
3766
-`.r`
3867
-`.rb`
39-
-`.rs`
68+
-`.rs`
4069
-`.scala`
4170
-`Scheme`
4271
-`.sol`
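Review bot: The `.rs` entry (old line 39, new line 68) is removed and re-added with no visible difference, as are `Bash` and `.ex` in the first hunk, which points to a whitespace-only change. If this comes from a formatter, say so in the commit message or keep formatting-only changes in a separate commit so the documentation change is easier to review.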
@@ -48,15 +77,3 @@ Semgrep will run on the following files and extensions:
4877
-`.xml`
4978
-`ERB`
5079
-`Jinja`
51-
52-
##Configuration
53-
54-
Semgrep uses a YAML style configuration file.
55-
56-
Semgrep supports the following config files:
57-
58-
- User-defined config file set at`reviews.tools.semgrep.config_file` in your project's`.coderabbit.yaml` file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.
59-
60-
##Links
61-
62-
-[Semgrep Cli Reference](https://semgrep.dev/docs/cli-reference)
