steampipe plugin install gabrielsoltz/semgrep

Table: semgrep_finding

A Semgrep finding is a detailed report or notification generated by the Semgrep static code analysis tool when it detects a problem or anomaly within the source code of a software application. These findings typically include information about the location of the issue within the codebase, a description of the problem, and often a severity rating to help prioritize and address the identified concern.

Examples

List all Semgrep findings

select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding;

List all Semgrep findings for a specific deployment

select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  deployment_slug = 'my-deployment';

List all Semgrep findings with high severity that are not triaged

select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged';

List all Semgrep findings with high severity that are not triaged for repository gabrielsoltz/steampipe-plugin-semgrep

select
  id,
  state,
  repository,
  triage_state,
  severity,
  confidence,
  rule_name
from
  semgrep_finding
where
  severity = 'high'
  and triage_state = 'untriaged'
  and repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep';

Group findings by severity for repository gabrielsoltz/steampipe-plugin-semgrep

select
  count(*) as findings,
  severity
from
  semgrep_finding
where
  repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep'
group by
  severity;
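Rank the untriaged high-severity backlog per repository

The following query is an added example and not part of the plugin's own documentation; it combines the filters from the examples above into a triage-prioritisation view. It assumes that `confidence` uses the value 'high' and that the `location` object carries `file_path` and `line` keys (as the Semgrep findings API reports them); the `repository ->> 'name'`, 'high' severity and 'untriaged' values are taken from this page.

```sql
-- Added example (not from the plugin docs): rank repositories by their
-- untriaged high-severity backlog and show how long the oldest finding
-- has been waiting. 'high' confidence and the location keys
-- 'file_path' / 'line' are assumptions, not taken from this page.
with backlog as (
  select
    repository ->> 'name' as repo,
    rule_name,
    confidence,
    location ->> 'file_path' as file_path,
    (location ->> 'line')::int as line,
    relevant_since
  from
    semgrep_finding
  where
    severity = 'high'
    and triage_state = 'untriaged'
)
select
  repo,
  count(*) as open_high,
  -- high-confidence rules are the least likely to be false positives,
  -- so they are the first ones a reviewer should look at
  count(*) filter (where confidence = 'high') as high_confidence,
  count(distinct rule_name) as distinct_rules,
  now() - min(relevant_since) as oldest_open_for,
  -- one concrete file:line to jump to; null when location was not reported
  min(file_path || ':' || line) as sample_location
from
  backlog
group by
  repo
order by
  high_confidence desc,
  open_high desc;
```

Repositories with many high-confidence, long-open findings sort to the top; a null sample_location flags findings whose location the scan did not report.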

Schema for semgrep_finding

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| categories | jsonb | | The categories of the finding as classified by the associated rule metadata. |
| confidence | text | | Confidence of the rule that triggered the finding. |
| deployment_slug | text | = | Sanitized machine-readable name of the deployment. |
| first_seen_scan_id | bigint | | First seen scan. |
| id | text | | Unique ID of this finding. |
| location | jsonb | | Location of the record in a file, as reported by Semgrep. If null, the information does not exist or lacks integrity (older or broken scans). |
| match_based_id | text | | ID calculated from a finding's file path, rule ID, and rule index. |
| ref | text | | External reference to the source of this finding (e.g. PR). |
| relevant_since | timestamp with time zone | | Relevant since. |
| repository | jsonb | | The repository this finding is part of, identified by name. |
| rule_message | text | | Rule message at the time the rule triggered. Older findings might have the value missing/removed. |
| rule_name | text | | Name of the rule that triggered the finding. |
| severity | text | | Severity of the rule that triggered the finding. Ranges from low (corresponding to info) up to high (corresponding to error). |
| sourcing_policy | jsonb | | Reference to a policy, with some basic information. If null, the information does not exist or lacks integrity (older or broken scans). |
| state | text | | Status of the finding's resolution. |
| state_updated_at | timestamp with time zone | | When this issue's state was last updated. |
| syntactic_id | text | | Syntactic ID. |
| triage_comment | text | | Triage comment. |
| triage_state | text | | Status of the finding's triaging. |
| triaged_at | timestamp with time zone | | Triaged at. |