Semgrep is a fast static analysis tool powered by an open-source engine for finding bugs, detecting vulnerabilities, and enforcing code standards. The Semgrep Visual Studio Code extension scans lines when you change or open files, or scans all files in your workspace. It offers:
It's highly recommended that macOS, Linux, and WSL users install the Semgrep command-line interface (CLI) before using the Semgrep VS Code extension for a more performant and stable experience. The extension communicates with the CLI to run scans. To install the CLI:
# macOS
$ brew install semgrep
# Ubuntu/WSL/Linux/macOS
$ python3 -m pip install semgrep
Sign in by running Semgrep: Sign in from the Command Palette. You can use the extension without signing in, but signing in gives better results because you benefit from Semgrep Code and its Pro rules.
Scan your files by running Semgrep: Scan all files in workspace.
To see detailed vulnerability information, hover over the code that's underlined in yellow. You can also see the findings identified by Semgrep by pressing ⇧Shift+Ctrl+M or ⌘Command+⇧Shift+M (macOS) and opening the Problems tab.
Try Autofix.
https://github.com/returntocorp/semgrep-vscode/assets/626337/3b6a730d-57e9-48a4-8065-9fa52388d77a
Add and update rules to expand the Semgrep extension's capabilities.
https://github.com/returntocorp/semgrep-vscode/assets/626337/fed6b6ec-e0b5-495b-a488-4f3c805dd58b
Fine-tune and customize the rules Semgrep uses to improve your scan results, then run Semgrep: Update rules.
Semgrep supports 30+ languages, including:
Apex · Bash · C · C++ · C# · Clojure · Dart · Dockerfile · Elixir · HTML · Go · Java · JavaScript · JSX · JSON · Julia · Jsonnet · Kotlin · Lisp · Lua · OCaml · PHP · Python · R · Ruby · Rust · Scala · Scheme · Solidity · Swift · Terraform · TypeScript · TSX · YAML · XML · Generic (ERB, Jinja, etc.)
To configure the Semgrep extension, open its Extension Settings page. Set the Semgrep › Scan: Configuration option to auto to automatically obtain rules tailored to your project; Semgrep uses your project URL to log into the Semgrep Registry. See Running rules for more information. Whenever you change the rule configuration, run Semgrep: Update rules from the Visual Studio Code Command Palette so that the updated rules are used for your next scan.

The following experimental features should only be used upon recommendation by Semgrep:
Run Semgrep extension commands through the Visual Studio Code Command Palette. You can access the Command Palette using Ctrl+⇧Shift+P or ⌘Command+⇧Shift+P (macOS). The following list includes all available Semgrep extension commands:
- Semgrep: Scan all files in a workspace: Scan all files in the current workspace.
- Semgrep Search: Clear: Clear pattern searches from the Primary Side Bar's Semgrep Search view.
- Semgrep Search: Focus on Search Results View: Bring the Primary Side Bar's Semgrep Search view into focus.
- Semgrep Restart Language Server: Restart the language server.
- Semgrep: Scan changed files in a workspace: Scan files that have been changed since the last commit in your current workspace.
- Semgrep: Search by pattern: Search for patterns in code using Semgrep pattern syntax. For more information, see the Pattern syntax documentation.
- Semgrep: Show Generic AST: Show the generic AST in a new window.
- Semgrep: Show named Generic AST: Show the named generic AST in a new window.
- Semgrep: Sign in: Sign in or log in to the Semgrep Cloud Platform (this command opens a new window in your browser). When you sign in, you can automatically scan with Semgrep Pro rules and add rules to the Policies in Semgrep Code. If you are already logged in to the command-line interface through semgrep login, you are also signed in to the Visual Studio Code Semgrep extension. Alternatively, you can log in through your command-line interface by running semgrep login.
- Semgrep: Sign out: Log out from the Semgrep Cloud Platform. Alternatively, you can sign out through your command-line interface by running semgrep logout.
- Semgrep: Update rules: For logged-in users. If the rules in the Policies or the rules included through the Semgrep › Scan: Configuration option have been changed, this command loads the new rule configuration for your next scan.

Tip: You can click the Semgrep icon in Visual Studio Code to access all available commands quickly.
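As an added example that is not part of the extension's own documentation, the following custom rule file shows the Semgrep pattern syntax used by Semgrep: Search by pattern and the kind of file the Semgrep › Scan: Configuration option can point at instead of auto. The file path, rule id and message are assumptions; the rule flags Python HTTP requests made with TLS certificate verification disabled.

```yaml
# Added example, not from the Semgrep VS Code extension README.
# Assumed location: .semgrep/tls-verification.yaml in your workspace.
# Point "Semgrep › Scan: Configuration" at this path, then run
# "Semgrep: Update rules" so the next scan picks it up.
rules:
  - id: python-requests-tls-verification-disabled   # assumed rule id
    languages: [python]
    severity: WARNING
    message: >-
      TLS certificate verification is disabled for this HTTP request,
      so an on-path attacker could read or alter the traffic.
      Remove verify=False or point verify at a trusted CA bundle.
    metadata:
      category: security
    # $METHOD is a metavariable that binds to get, post, etc.;
    # "..." matches any other arguments in any position.
    pattern-either:
      - pattern: requests.$METHOD(..., verify=False, ...)
      # Multi-statement pattern: a Session whose verify flag is later
      # switched off anywhere in the same function body.
      - pattern: |
          $SESSION = requests.Session()
          ...
          $SESSION.verify = False
```

Findings from this rule appear in the Problems tab like any registry rule, and hovering the underlined call shows the message above.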
If you need our support, join the Semgrep community Slack workspace and tell us about any problems you encounter.