Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded.
This repository is an implementation of OXO Agent for Semgrep.
To perform your first analysis, simply run the following command.
oxo scan run --install --agent agent/ostorlab/semgrep file code.c
This command will download and install agent/ostorlab/semgrep
and analyze the source file code.c
.
For more information, please refer to the OXO Documentation
Agent Semgrep can be installed directly from the oxo agent store or built from this repository.
oxo agent install agent/ostorlab/semgrep
You can then run the agent with the following command:
oxo scan run --install --agent agent/ostorlab/semgrep file code.c
- To build the semgrep agent you need to have oxo installed in your machine. If you have already installed oxo, you can skip this step.
pip3 install ostorlab
- Clone this repository.
git clone https://github.com/Ostorlab/agent_semgrep.git && cd agent_semgrep
- Build the agent image using oxo cli.
oxo agent build --file=ostorlab.yaml
You can pass the optional flag --organization
to specify your organisation. The organization is empty by default.
- Run the agent using on of the following commands:
- If you did not specify an organization when building the image:
oxo scan run --agent agent//semgrep file code.c
- If you specified an organization when building the image:
oxo scan run --agent agent/[ORGANIZATION]/semgrep file code.c