Skip to content

Semgrep scanner

πŸ€– AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

provide.testkit.quality.security.semgrep_scanner

Semgrep pattern-based static analysis security scanner implementation.

Classes

SemgrepScanner 

SemgrepScanner(config: dict[str, Any] | None = None)

Pattern-based static analysis security scanner using Semgrep.

Scans code for security vulnerabilities, bugs, and anti-patterns using customizable pattern rules. Supports many languages including Python, JavaScript, Go, Java, and more.

Initialize Semgrep scanner.

Parameters:

Name Type Description Default
config dict[str, Any] | None

Scanner configuration options. If "config" is not specified, will auto-detect .provide/security/semgrep.yml if it exists.

 None
Source code in provide/testkit/quality/security/semgrep_scanner.py 
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
def __init__(self, config: dict[str, Any] | None = None) -> None:
    """Initialize Semgrep scanner.

    Args:
        config: Scanner configuration options. If "config" is not specified,
                will auto-detect .provide/security/semgrep.yml if it exists.
    """
    if not SEMGREP_AVAILABLE:
        raise QualityToolError(
            "Semgrep not available. Install with: pip install semgrep",
            tool="semgrep",
        )

    self.config = config or {}
    self.artifact_dir: Path | None = None

    # Auto-detect config file if not explicitly specified
    if "config" not in self.config:
        default_config = self._get_default_config_path()
        if default_config:
            self.config["config"] = [str(default_config)]
Functions
analyze 
analyze(path: Path, **kwargs: Any) -> QualityResult

Run Semgrep analysis on the given path.

Parameters:

Name Type Description Default
path Path

Path to scan

 required
**kwargs Any

Additional options including artifact_dir

 {}

Returns:

Type Description
QualityResult

QualityResult with security analysis data
Source code in provide/testkit/quality/security/semgrep_scanner.py 
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
def analyze(self, path: Path, **kwargs: Any) -> QualityResult:
    """Run Semgrep analysis on the given path.

    Args:
        path: Path to scan
        **kwargs: Additional options including artifact_dir

    Returns:
        QualityResult with security analysis data
    """
    self.artifact_dir = kwargs.get("artifact_dir", Path(".provide/output/security"))
    start_time = time.time()

    try:
        result = self._run_semgrep_scan(path)
        result.execution_time = time.time() - start_time
        self._generate_artifacts(result)
        return result

    except Exception as e:
        return QualityResult(
            tool="semgrep",
            passed=False,
            details={"error": str(e), "error_type": type(e).__name__},
            execution_time=time.time() - start_time,
        )
report 
report(
    result: QualityResult, format: str = "terminal"
) -> str

Generate report from QualityResult.

Source code in provide/testkit/quality/security/semgrep_scanner.py 
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
def report(self, result: QualityResult, format: str = "terminal") -> str:
    """Generate report from QualityResult."""
    if format == "terminal":
        return self._generate_text_report(result)
    elif format == "json":
        return json.dumps(
            {
                "tool": result.tool,
                "passed": result.passed,
                "score": result.score,
                "details": result.details,
            },
            indent=2,
        )
    else:
        return str(result.details)

Functions