Table: semgrep_finding
A Semgrep finding is a detailed report or notification generated by the Semgrep static code analysis tool when it detects a problem or anomaly within the source code of a software application. These findings typically include information about the location of the issue within the codebase, a description of the problem, and often a severity rating to help prioritize and address the identified concern.
Examples
List all Semgrep findings
```sql
select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding;
```
List all Semgrep findings for a specific deployment
```sql
select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  deployment_slug = 'my-deployment';
```
List all Semgrep findings with high severity that are not triaged
```sql
select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged';
```
List all Semgrep findings with high severity that are not triaged for repository gabrielsoltz/steampipe-plugin-semgrep
```sql
select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged'
  and repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep';
```
Group findings by severity for repository gabrielsoltz/steampipe-plugin-semgrep
```sql
select
  count(*) as findings,
  severity
from
  semgrep_finding
where
  repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep'
group by
  severity;
```
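Triage backlog per repository and severity, as an added example that is not part of the plugin's own documentation. It assumes the `deployment_slug` value `my-deployment` from the examples above, a severity literal `medium` alongside the documented `low` and `high`, and a 30-day threshold chosen here for illustration; it uses only columns from the schema below and the `repository ->> 'name'` key shown in the examples.

```sql
-- Added example: how much untriaged work each repository carries, broken down
-- by severity, with how much of it has been sitting longer than 30 days.
-- 'my-deployment' and the 30-day window are assumptions for this example.
select
  repository ->> 'name' as repository,
  severity,
  count(*) filter (where triage_state = 'untriaged') as untriaged,
  count(*) filter (
    where triage_state = 'untriaged'
      and relevant_since < now() - interval '30 days'
  ) as untriaged_over_30d,
  min(relevant_since) filter (where triage_state = 'untriaged') as oldest_untriaged
from
  semgrep_finding
where
  deployment_slug = 'my-deployment'
group by
  1, 2
having
  count(*) filter (where triage_state = 'untriaged') > 0
order by
  -- 'medium' is assumed; the schema documents only the low..high range
  case severity when 'high' then 1 when 'medium' then 2 when 'low' then 3 else 4 end,
  untriaged_over_30d desc,
  repository;
```

Rows with no open findings are dropped by the `having` clause, so the result lists only repositories that still need attention.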
Schema for semgrep_finding
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
categories | jsonb | | The categories of the finding as classified by the associated rule metadata. |
confidence | text | | Confidence of the rule that triggered the finding. |
deployment_slug | text | = | Sanitized machine-readable name of the deployment. |
first_seen_scan_id | bigint | | ID of the scan in which the finding was first seen. |
id | text | | Unique ID of this finding. |
location | jsonb | | Location of the record in a file, as reported by Semgrep. If null, then the information does not exist or lacks integrity (older or broken scans). |
match_based_id | text | | ID calculated based on a finding's file path, rule ID, and the rule index. |
ref | text | | External reference to the source of this finding (e.g. PR). |
relevant_since | timestamp with time zone | | Time since which the finding has been relevant. |
repository | jsonb | | Which repository this finding is a part of, defined via name. |
rule_message | text | | Rule message at the time the rule was triggered. Older findings might have the value missing/removed. |
rule_name | text | | Name of the rule that triggered the finding. |
severity | text | | Severity of the rule that triggered the finding. Ranges from low, which would correlate to info, up to high, which would correlate to error. |
sourcing_policy | jsonb | | Reference to a policy, with some basic information. If null, then the information does not exist or lacks integrity (older or broken scans). |
state | text | | Status of the finding's resolution. |
state_updated_at | timestamp with time zone | | When this issue's state was last updated. |
syntactic_id | text | | Syntactic ID. |
triage_comment | text | | Triage comment. |
triage_state | text | | Status of the finding's triaging. |
triaged_at | timestamp with time zone | | When the finding was triaged. |