Semgrep

Pro Plan Feature

This feature is available exclusively as part of the Pro plan and is not included in the Lite plan. Please refer to our pricing page for more information about our plans and features.

Semgrep is an open-source static analysis tool designed to scan code for security vulnerabilities and code quality issues.

Configuration

Semgrep uses a YAML style configuration file. By default, we will automatically use the following files if any are set in the root directory of your repository.

• semgrep.yml or semgrep.yaml
• semgrep.config.yml or semgrep.config.yaml

Semgrep supports the following config files:

• User-defined config file set at reviews.tools.semgrep.config_file in your project's .coderabbit.yaml file or setting the "Review → Tools → Semgrep → Config File" field in CodeRabbit's settings page.

Due to licensing, CodeRabbit does not ship with the community-created Semgrep rules.

note

CodeRabbit will only run Semgrep if your repository contains a Semgrep config file. This config must use the default file names, or you must define the path to this file in the .coderabbit.yaml or config UI.

Links

• Semgrep CLI Reference
• Writing Semgrep Rules for Config Files

Files

Semgrep will run on the following files types:

• C/C++
• C#
• Go
• Java
• JavaScript
• Kotlin
• Python
• TypeScript
• Ruby
• Rust
• JSX
• PHP
• Scala
• Swift
• Terraform
• JSON