semgrep / semgrep-action

This project is deprecated. Use https://github.com/returntocorp/semgrep instead
https://semgrep.dev/docs/semgrep-ci/

semgrep --debug option makes the scan --strict and fails the whole scan #559

Closed caglarsayin closed 2 years ago

caglarsayin commented 2 years ago

I am scanning a go project which has utf-8 characters and semgrep agent is failing as in the example below

semgrep-agent --config p/security-audit --config p/secrets --baseline-ref master --json

| versions          - semgrep 0.83.0 on
| environment       - running in environment git, triggering event is 'unknown'
| manage            - not logged in
=== setting up agent configuration
.......
| looking at 22 changed paths
=== looking for current issues in 22 files

=== failed command's STDOUT:

=== failed command's STDERR:

=== [ERROR] /usr/local/bin/semgrep --skip-unknown-extensions --disable-nosem --json --autofix --dryrun --time --timeout-threshold 3 --config https://semgrep.dev/c/p/security-audit --config https://semgrep.dev/c/p/secrets --enable-metrics --debug -o /var/folders/r3/ff28j9w1505578c33pdhqs7ddh06jg/T/tmpft0rcwbo internal/app/products/products.go internal/app/products/products_test.go internal/app/products/testdata/get_products_responses.go internal/app/products/testdata/papi_response.json .golangci.yaml Makefile cmd/pd-groceries-product/main.go configs/config.go go.mod go.sum internal/adapters/papi/mocks/Repository.go internal/adapters/papi/repository.go internal/adapters/papi/service.go internal/adapters/papi/service_test.go internal/domain/papi/papi_attributes.go internal/domain/papi/product.go internal/ports/graphql/generated.go internal/ports/graphql/models/models_gen.go internal/ports/graphql/resolver.go internal/ports/graphql/schema.graphqls internal/ports/graphql/schema.resolvers.go spec-dev.yaml failed with exit code `2`

This is an internal error, please file an issue at https://github.com/returntocorp/semgrep-action/issues/new/choose
and include any log output from above.

I went deeper into the issue and ran semgrep as shown above, and here is the output.

Fetching rules from https://semgrep.dev/registry ...
trying to download from https://semgrep.dev/p/security-audit
Getting API token from settings file
finished downloading from https://semgrep.dev/p/security-audit
loaded 1 configs in 3.8482840061187744
running 252 rules from 1 config remote-url_0
Running 252 rules...
No .semgrepignore found. Using default .semgrepignore rules. See the docs for the list of default ignores: https://semgrep.dev/docs/cli-usage/#ignoring-files
Passing whole rules directly to semgrep_core
Ignoring /private/var/folders/r3/ff28j9w1505578c33pdhqs7ddh06jg/T/tmpyjt61p_8/internal/app/products/products_test.go due to .semgrepignore
Ignoring /private/var/folders/r3/ff28j9w1505578c33pdhqs7ddh06jg/T/tmpyjt61p_8/internal/adapters/papi/service_test.go due to .semgrepignore
{"errors": [{"code": 2, "level": "error", "message": "Error while running rules: 'utf-8' codec can't decode byte 0xe1 in position 121: invalid continuation byte", "type": "SemgrepError"}], "paths": {"_comment": "<add --verbose for a list of skipped paths>", "scanned": []}, "results": [], "time": {"profiling_times": {}, "rules": [], "rules_parse_time": 0.0, "targets": [], "total_bytes": 0}}
Sending pseudonymous metrics since metrics are configured to ON and server usage is True
Sent pseudonymous metrics

The root cause of this issue is a utf-8 character in GoLang source code, but it is quite usual for go source code. As I understand, since we use the --debug option on semgrep, it is in --strict mode and it does not tolerate any issues.

Can we implement a workaround?

Thanks
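A triage helper for the decode error in the output above, as an added example that is not part of the original issue or of semgrep: it reports which target file fails strict UTF-8 decoding, and at which byte offset and line. The function names and the two sample byte strings are constructed for illustration.

```python
"""Locate bytes that fail strict UTF-8 decoding in a list of scan targets."""
from __future__ import annotations

import sys
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class DecodeFailure:
    path: str
    offset: int   # byte offset of the first undecodable byte
    byte: int     # value of that byte
    line: int     # 1-based line number containing the offset
    reason: str   # reason string carried by UnicodeDecodeError


def check_bytes(data: bytes, path: str = "<memory>") -> DecodeFailure | None:
    """Return the first strict UTF-8 decoding failure in data, or None."""
    try:
        data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        # Count newlines before the failing offset to get a line number
        # that can be opened directly in an editor.
        line = data.count(b"\n", 0, exc.start) + 1
        return DecodeFailure(path, exc.start, data[exc.start], line, exc.reason)
    return None


def check_paths(paths: list[str]) -> list[DecodeFailure]:
    """Check every regular file in paths; skip anything that is not a file."""
    failures = []
    for name in paths:
        path = Path(name)
        if not path.is_file():
            continue
        failure = check_bytes(path.read_bytes(), name)
        if failure is not None:
            failures.append(failure)
    return failures


# Constructed sample: Go source with emoji, saved as UTF-8. Decodes cleanly.
VALID_EMOJI_GO = 'package main\n\nconst ok = "done ✅ 🚀"\n'.encode("utf-8")

# Constructed sample: Go source saved as Latin-1. The byte 0xe1 is a UTF-8
# lead byte, but the byte after it is plain ASCII, not a continuation byte.
LATIN1_GO = 'package main\n\nconst name = "Málaga"\n'.encode("latin-1")


if __name__ == "__main__":
    # Usage: pass the same file list that was handed to the scanner.
    found = check_paths(sys.argv[1:])
    for f in found:
        print(f"{f.path}: byte 0x{f.byte:02x} at offset {f.offset} "
              f"(line {f.line}): {f.reason}")
    sys.exit(1 if found else 0)
```
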

brendongo commented 2 years ago

Hi @caglarsayin, sorry for the delayed response. We just released a new version of the agent last week that came with a bunch of file targeting fixes, and I suspect this error you were seeing might have been caused by a binary file being treated as a go file? If you run the latest semgrep-agent or even semgrep it should complete without issue. Let us know if that is not the case.

caglarsayin commented 2 years ago

No, it is not a binary file but a go file that includes emojis, because go accepts this kind of chars in the code.

brendongo commented 2 years ago

Ah I see. Moving this issue to semgrep repo

brendongo commented 2 years ago

Actually, my bad, should not have done that and should have opened a separate issue. Moving back, sorry for the noise.

brendongo commented 2 years ago

@caglarsayin since last week we have updated the invocation to not need the --debug option so semgrep-agent should be able to successfully complete.

brendongo commented 2 years ago

Closing as done. I think this works with semgrep 0.85.0 onwards.

caglarsayin commented 2 years ago

Thanks, you are the best