Using semgrep - SethBodine/audit-tools GitHub Wiki

Using semgrep

A Python virtual environment has been set up; it contains the Python requirements.

Updates

semgrep is updated when executing . semgrep.sh venv

Prepare the environment

cd /opt/semgrep/                  # Execution path
. semgrep.sh                      # activate the venv environment

Note: the script will download several custom rulesets and remove several invalid YAML files.

Run Semgrep

code_fol=[path to scan]              # directory to scan
# one semgrep run per ruleset directory (two levels below custom-rules/, hidden dirs skipped)
for ruleset in $(find custom-rules/ -maxdepth 2 -mindepth 2 -type d -not -path '*/.*'); do
    # unbuffer (from the expect package) keeps semgrep's live output flowing through tee
    unbuffer semgrep scan -f "${ruleset}" --metrics=off "${code_fol}" \
        | tee "semgrep-$(echo "${ruleset}" | sed 's/\//-/g').txt"
done

Note: Semgrep can run custom rules, but it may run out of RAM before a single run over every ruleset completes; breaking the work into smaller chunks (one ruleset directory per run) is messy, but works.
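The per-ruleset loop above, rewritten as an added example (not part of the audit-tools wiki or its semgrep.sh script) that quotes paths safely, names each report the same way the wiki's sed does, and caps semgrep's per-file memory with its --max-memory flag so one oversized rule cannot take the whole run down. The SEMGREP_CMD override and the 4000 MiB cap are assumptions chosen for this example; the ruleset tree is assumed to follow the wiki's custom-rules/<family>/<set> layout.

```shell
#!/bin/sh
# Added example (not from the audit-tools wiki): run semgrep one ruleset directory at a
# time so a single oversized run cannot exhaust memory, with paths quoted and one report
# per ruleset. SEMGREP_CMD and the 4000 MiB --max-memory value are assumptions; --max-memory
# is a real semgrep flag (per-rule, per-file cap in MiB), the number is just a sane default.

# Ruleset directories sit exactly two levels below the root (custom-rules/<family>/<set>);
# hidden directories such as .git checkouts are skipped, matching the wiki's find expression.
list_rulesets() {
  find "${1%/}" -mindepth 2 -maxdepth 2 -type d -not -path '*/.*' | sort
}

# Turn <root>/<family>/<set> into semgrep-<root basename>-<family>-<set>.txt, the same
# naming the wiki's sed produces for a relative custom-rules/ path.
report_name() {
  root="${1%/}"
  rel="${2#"$root/"}"
  printf 'semgrep-%s-%s.txt' "$(basename "$root")" "$(printf '%s' "$rel" | tr '/' '-')"
}

# One semgrep invocation per ruleset; reports are written to the current directory.
# Overriding SEMGREP_CMD (e.g. with `echo`) lets the loop be dry-run without semgrep.
scan_per_ruleset() {
  rules_root="$1"
  target="$2"
  list_rulesets "$rules_root" | while IFS= read -r ruleset; do
    out="$(report_name "$rules_root" "$ruleset")"
    echo "== $ruleset -> $out" >&2
    ${SEMGREP_CMD:-semgrep} scan --config "$ruleset" --metrics=off \
      --max-memory 4000 "$target" | tee "$out"
  done
}

# Usage: scan_per_ruleset custom-rules /path/to/code
```

Reading the ruleset list line by line instead of word-splitting `$(find ...)` keeps a ruleset directory with a space in its name from being split into two bogus paths, and the separate report per ruleset is what lets a run that still dies on one ruleset be resumed without redoing the others.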

Additional Information