steampipe plugin install gabrielsoltz/semgrepsteampipe plugin install gabrielsoltz/semgrep

Semgrep + Steampipe

Semgrep is a Fast, customizable, and developer-oriented SAST. Scan 30+ languages with 2,750+ Community and Pro rules.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Query your security findings and filter by state:

select
triage_state,
severity,
state,
rule_message,
repository ->> 'name' as repo_name
from
semgrep_finding
where
deployment_slug = 'my-company'
and state = 'unresolved';
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+
| triage_state | severity | state | rule_message | repo_name |
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+
| untriaged | medium | unresolved | Detected possible formatted SQL query. Use parameterized queries instead. | gabrielsoltz/steampipe-plugin-semgrep |
| untriaged | medium | unresolved | Service 'localstack' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this. | gabrielsoltz/steampipe-plugin-semgrep |
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest Semgrep plugin:

steampipe plugin install gabrielsoltz/semgrep

Configuration

Installing the latest Semgrep plugin will create a config file (~/.steampipe/config/semgrep.spc) with a single connection named semgrep:

connection "semgrep" {
plugin = "gabrielsoltz/semgrep"
# The base URL of Semgrep. Required.
# This can be set via the `SEMGREP_URL` environment variable.
# base_url = "https://semgrep.dev/api/v1"
# The access token required for API calls. Required.
# This can also be set via the `SEMGREP_TOKEN` environment variable.
# token = "45f86adc2nv54efd76151530rr629fc8953c2a111111fd74fa7d361d70e55759"
}
  • token - Required access token from Semgrep

Alternatively, you can also use the standard Semgrep environment variables to obtain credentials only if other arguments (base_urland token) are not specified in the connection:

export SEMGREP_URL=https://semgrep.dev/api/v1
export SEMGREP_TOKEN=45f86adc2nv54efd76151530rr629fc8953c2a111111fd74fa7d361d70e55759

Get involved