v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →

Plugins

gabrielsoltz/semgrep

steampipe plugin install gabrielsoltz/semgrepsteampipe plugin install gabrielsoltz/semgrep

semgrep_deployment semgrep_finding semgrep_project semgrep_sca_finding

Table: semgrep_finding

A Semgrep finding is a detailed report or notification generated by the Semgrep static code analysis tool when it detects a problem or anomaly within the source code of a software application. These findings typically include information about the location of the issue within the codebase, a description of the problem, and often a severity rating to help prioritize and address the identified concern.

Examples

List all Semgrep findings

select
  id,
  state,
  repository,
  triage_state,
  severity,
  rule_name
from
  semgrep_finding;

List all Semgrep findings for a specific deployment

select
  id,
  state,
  repository,
  triage_state,
  severity,
  rule_name
from
  semgrep_finding
where
  deployment_slug = 'my-deployment';

List all Semgrep findings with high severity that are not triaged

select
  id,
  state,
  repository,
  triage_state,
  severity,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged';

List all Semgrep findings with high severity that are not triaged for repository gabrielsoltz/steampipe-plugin-semgrep

select
  id,
  state,
  repository,
  triage_state,
  severity,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged'
  and repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep';

Group findings by severity for repository gabrielsoltz/steampipe-plugin-semgrep

select
  count(*) as findings,
  severity
from
  semgrep_finding
where
  repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep'
group by
  severity;

Schema for semgrep_finding

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
assistant	jsonb		Semgrep Assistant data. Only present if Assistant is enabled.
categories	jsonb		The categories of the finding as classified by the associated rule metdata.
confidence	text		Confidence of the finding, derived from the rule that triggered it.
created_at	timestamp with time zone		The timestamp when this finding was created.
deployment_slug	text	=	Sanitized machine-readable name of the deployment.
external_ticket	jsonb		External ticket associated with finding.
first_seen_scan_id	bigint		Unique ID of the Semgrep scan that first identified this finding.
id	text		Unique ID of this finding.
line_of_code_url	text		The source URL including file and line number..
location	jsonb		Location of the record in a file, as reported by Semgrep. If null, then the information does not exist or lacks integrity (older or broken scans).
match_based_id	text		ID calculated based on a finding's file path, rule id, and the rule index.
ref	text		External reference to the source of this finding (e.g. PR).
relevant_since	timestamp with time zone		The timestamp when this finding was detected by Semgrep (the first time, or when reintroduced).
repository	jsonb		Which repository is this finding a part of, defined via name.
rule	jsonb		Rule that applies to this finding.
severity	text		Severity of the finding, derived from the rule that triggered it. Low is equivalent to INFO, Medium to WARNING, and High to ERROR.
sourcing_policy	jsonb		Reference to a policy, with some basic information. If null, then the information does not exist or lacks integrity (older or broken scans).
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
state	text		The finding's resolution state. Managed only by changes detected at scan time, the state is combined with triage_state to ultimately determine a final status which is exposed in the UI and API.
state_updated_at	timestamp with time zone		When this issue's state (resolution state) was last updated, as distinct from when the issue was triaged (triaged_at).
status	text		The finding's status as exposed in the UI. Status is a derived property combining information from the finding state and triage_state. The triage_state can be used to override the scan state if the finding is still detected.
syntactic_id	text		ID calculated based on a finding's file path, rule identifier and matched code, and index.
triage_comment	text		The detailed comment provided during triage.
triage_reason	text		Reason provided when this issue was triaged.
triage_state	text		The finding's triage state. Set by the user and used along with state to generate the final status viewable in the UI.
triaged_at	timestamp with time zone		When the finding was triaged.