How do I save or export reports/findings/results from Semgrep?
When I run a scan, the findings are printed out on the CLI. How can I see or store these results? I can use piping (|) or output redirection (>) - but is there a semgrep-y or formatted way of saving these findings?

Caporal answered 19/5, 2022 at 16:38 Comment(1)
Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. Tisiphone
After trying out some of the options in this CLI reference, I've been running the following command:

semgrep --config auto --output scan_results.json --json

(Substitute the config option for whichever Semgrep config/rulesets you use.)

This results in a JSON file with the following top-level attributes:

  • errors
  • paths
  • results
  • version

Semgrep JSON formatting

Among the other formats supported, there's also support for SARIF output, which is used to streamline the interchange of results across different SAST tools. Similar to JSON, the structure is as follows:

semgrep --config auto --output scan_results.sarif --sarif

Credit to Parsia on the Semgrep community slack for the SARIF tip.

Caporal answered 24/5, 2022 at 16:20 Comment(0)
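Once the JSON file exists, the next step is usually to consume it in a script or CI job. The Python below is an added example, not the answerer's code or Semgrep's own tooling: it validates the four top-level keys listed above, flattens results sorted by severity, and treats entries in errors as a reason not to trust an empty results list. The sample report, rule ids and paths are constructed; the nested result fields (check_id, path, start.line, extra.severity, extra.message) follow Semgrep's JSON output schema.

```python
import json
from collections import Counter

# Constructed sample of a Semgrep --json report (not real scan output; rule ids and
# paths are made up). Nested fields follow Semgrep's JSON schema: results[].check_id,
# .path, .start.line, .extra.severity, .extra.message; errors[].level, .message.
SAMPLE_REPORT = json.dumps({
    "version": "0.0.0-example",
    "paths": {"scanned": ["app/views.py", "app/db.py"]},
    "errors": [{"type": "Timeout", "level": "warn", "message": "timeout on app/big.py"}],
    "results": [
        {"check_id": "example.subprocess-shell-true", "path": "app/views.py",
         "start": {"line": 42, "col": 5}, "extra": {"severity": "ERROR", "message": "shell=True"}},
        {"check_id": "example.raw-sql-query", "path": "app/db.py",
         "start": {"line": 10, "col": 1}, "extra": {"severity": "WARNING", "message": "raw SQL"}},
        {"check_id": "example.subprocess-shell-true", "path": "app/db.py",
         "start": {"line": 77, "col": 9}, "extra": {"severity": "ERROR", "message": "shell=True"}},
    ],
})
SEVERITY_RANK = {"ERROR": 0, "WARNING": 1, "INFO": 2}

def load_report(text):
    """Parse a Semgrep JSON report and check that the four top-level keys are present."""
    report = json.loads(text)
    missing = {"errors", "paths", "results", "version"} - set(report)
    if missing:
        raise ValueError(f"not a Semgrep JSON report, missing keys: {sorted(missing)}")
    return report

def summarize(report):
    """Return (findings sorted by severity then location, per-severity counts, scan errors)."""
    findings = [{"rule": r["check_id"], "path": r["path"], "line": r["start"]["line"],
                 "severity": r["extra"].get("severity", "INFO"),
                 "message": r["extra"].get("message", "")} for r in report["results"]]
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), f["path"], f["line"]))
    counts = dict(Counter(f["severity"] for f in findings))
    # Entries in "errors" (timeouts, parse failures) mean files were skipped, so an
    # empty "results" list is not proof of a clean tree; surface them next to findings.
    errors = [f'{e.get("level", "?")}: {e.get("message", "")}' for e in report["errors"]]
    return findings, counts, errors

def should_fail_build(report):
    """CI gate: fail on any ERROR-severity finding or on any scan error."""
    _, counts, errors = summarize(report)
    return counts.get("ERROR", 0) > 0 or bool(errors)

if __name__ == "__main__":
    print(json.dumps(summarize(load_report(SAMPLE_REPORT)), indent=2))
```

To use it on a real run, pass the contents of scan_results.json to load_report instead of SAMPLE_REPORT.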

© 2022 - 2024 — McMap. All rights reserved.