Semgrep

This producer component analyses source code with Semgrep and reports the security issues it finds.

Read more about what it does on the Semgrep homepage and GitHub repo.

How to use with Smithy

Open-Source

  1. Add the Helm package to the pipeline settings:

```yaml
---
# file: ./my-pipeline/kustomization.yaml
components:
- pkg:helm/smithy-security-oss-components/producer-semgrep
```

  2. Configure the run parameters of the component in the pipeline run file. All parameters are optional:

```yaml
# file: ./my-pipeline/pipelinerun.yaml
---
...
spec:
  ...
  params:
  - name: producer-semgrep-rules-yaml
    value: |
      rules: []
  - name: producer-semgrep-config-value
    value: auto
```

SaaS

  1. In the Smithy UI, open the page to create a new workflow.
  2. Find Semgrep in the Producers dropdown.
  3. Configure the parameters in the form on the right.

Options

You can configure this component with the following options. All of them are optional:

| Option Name | Description | Default | Type |
|---|---|---|---|
| producer-semgrep-rules-yaml | Additional rules passed to Semgrep (see https://semgrep.dev/docs/writing-rules/rule-syntax). | `"rules: []"` | YAML string |
| producer-semgrep-config-value | The config for the Semgrep producer. Passed directly to the CLI via `--config`. | `"auto"` | String |
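The pipeline run step above and the options table only show an empty `rules: []` list. The following is an added example (not taken from the Smithy project or its documentation) of what the `params` section of the pipeline run file looks like once a custom Semgrep rule is supplied through `producer-semgrep-rules-yaml` alongside the default `auto` config. The rule id, its pattern and the surrounding `...` placeholders for the rest of the PipelineRun are constructed for illustration; the rule keys (`id`, `pattern`, `message`, `languages`, `severity`, `metadata`) are standard Semgrep rule syntax.

```yaml
# file: ./my-pipeline/pipelinerun.yaml (params section only; the rest of the PipelineRun is unchanged)
---
...
spec:
  ...
  params:
  # Custom rules are embedded as a YAML string (the "|" block scalar) and
  # merged with whatever the config value below selects.
  - name: producer-semgrep-rules-yaml
    value: |
      rules:
      # Constructed example rule: flags a Flask SECRET_KEY set to a string literal.
      # In Semgrep pattern syntax, "..." matches any string literal.
      - id: example-flask-hardcoded-secret-key
        pattern: $APP.config["SECRET_KEY"] = "..."
        message: Flask SECRET_KEY is hard-coded; load it from the environment or a secret store instead
        languages: [python]
        severity: ERROR
        metadata:
          category: security
  # "auto" is the documented default; keeping it means the custom rule above is
  # run in addition to the rulesets Semgrep picks for the detected languages.
  - name: producer-semgrep-config-value
    value: auto
```

Because the rules are passed as one YAML string, indentation inside the `value: |` block must be consistent or Semgrep will reject the file; validating the rule locally with `semgrep --validate --config <file>` before committing the pipeline run is a cheap way to catch that.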