
When I run a scan, the findings are printed out on the CLI. How can I see or store these results? I can use piping (|) or output redirection (>) - but is there a semgrep-y or formatted way of saving these findings?

s-santillan
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community May 20 '22 at 03:24

1 Answer

After trying out some of the options in this CLI reference, I've been running the following command:

semgrep --config auto --output scan_results.json --json

(Substitute the config option for whichever Semgrep config/rulesets you use.)

This results in a JSON file with the following top-level attributes:

  • errors
  • paths
  • results
  • version

(Screenshot: Semgrep JSON formatting)

Among the other formats supported, there's also support for SARIF output, which is used to streamline the interchange of results across different SAST tools. Similar to JSON, the structure is as follows:

semgrep --config auto --output scan_results.sarif --sarif

Credit to Parsia on the Semgrep community slack for the SARIF tip.

s-santillan