Ostorlab/agent_semgrep

Agent Semgrep

Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded.

This repository is an implementation of an OXO agent for Semgrep.

Getting Started

To perform your first analysis, simply run the following command.

oxo scan run --install --agent agent/ostorlab/semgrep file code.c

This command will download and install the agent/ostorlab/semgrep agent and analyze the source file code.c. For more information, please refer to the OXO Documentation.

Usage

Agent Semgrep can be installed directly from the oxo agent store or built from this repository.

Install directly from oxo agent store

oxo agent install agent/ostorlab/semgrep

You can then run the agent with the following command:

oxo scan run --install --agent agent/ostorlab/semgrep file code.c

Build directly from the repository

  1. To build the Semgrep agent you need to have oxo installed on your machine. If you have already installed oxo, you can skip this step.
pip3 install ostorlab
  2. Clone this repository.
git clone https://github.com/Ostorlab/agent_semgrep.git && cd agent_semgrep
  3. Build the agent image using the oxo CLI.
oxo agent build --file=ostorlab.yaml

You can pass the optional flag --organization to specify your organization. The organization is empty by default.

  4. Run the agent using one of the following commands:
    • If you did not specify an organization when building the image:
    oxo scan run --agent agent//semgrep file code.c
    • If you specified an organization when building the image:
    oxo scan run --agent agent/[ORGANIZATION]/semgrep file code.c
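As an added example (not code from this repository), a POSIX sh wrapper that ties the build steps above together: it derives the agent key from the optional organization the way the README describes, checks that oxo and ostorlab.yaml are present before building, then builds the image and runs the scan. The function names and the form in which the --organization value is passed are assumptions of this example.

```shell
#!/bin/sh
# Example wrapper for the "build from the repository" steps (not part of
# Ostorlab/agent_semgrep). Function names are this example's own.

# Build the agent key for a given organization.
# An empty organization yields agent//semgrep, as in the README.
agent_key() {
    org="${1:-}"
    printf 'agent/%s/semgrep\n' "$org"
}

# Verify the build prerequisites; print a hint and return 1 if one is missing.
check_prerequisites() {
    command -v oxo >/dev/null 2>&1 || {
        echo "oxo not found; install it with: pip3 install ostorlab" >&2
        return 1
    }
    [ -f ostorlab.yaml ] || {
        echo "ostorlab.yaml not found; run this from the agent_semgrep checkout" >&2
        return 1
    }
    return 0
}

# Build the image (optionally with --organization) and scan one source file.
# Usage: build_and_scan <source-file> [organization]
build_and_scan() {
    src="${1:-}"
    org="${2:-}"
    check_prerequisites || return 1
    [ -f "$src" ] || { echo "source file '$src' not found" >&2; return 1; }
    if [ -n "$org" ]; then
        # Value form "--organization <org>" is assumed here (the README only names the flag).
        oxo agent build --file=ostorlab.yaml --organization "$org" || return 1
    else
        oxo agent build --file=ostorlab.yaml || return 1
    fi
    oxo scan run --agent "$(agent_key "$org")" file "$src"
}

# Run only when invoked directly with arguments, e.g.: sh build_and_scan.sh code.c acme
if [ $# -gt 0 ]; then
    build_and_scan "$@"
fi
```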

License

Apache