
gabrielsoltz/steampipe-plugin-semgrep


Semgrep Plugin for Steampipe

Use SQL to query your security findings from Semgrep

Quick start

Install the plugin with Steampipe:

steampipe plugin install gabrielsoltz/semgrep

Configure the base URL and API token in ~/.steampipe/config/semgrep.spc:

connection "semgrep" {
  plugin = "gabrielsoltz/semgrep"

  # The base URL of Semgrep. Required.
  # This can be set via the `SEMGREP_URL` environment variable.
  # base_url = "https://semgrep.dev/api/v1"

  # The access token required for API calls. Required.
  # This can also be set via the `SEMGREP_TOKEN` environment variable.
  # token = "45f86adc2nv54efd76151530rr629fc8953c2a111111fd74fa7d361d70e55759"
}

Or through environment variables:

export SEMGREP_URL=https://semgrep.dev/api/v1
export SEMGREP_TOKEN=45f86adc2nv54efd76151530rr629fc8953c2a111111fd74fa7d361d70e55759

Run a query:

select
  triage_state,
  severity,
  state,
  rule_message,
  repository ->> 'name' as repo_name
from
  semgrep_finding
where
  state = 'unresolved';
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+
| triage_state | severity | state      | rule_message                                                                                                                                                                                                                              | repo_name                              |
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+
| untriaged    | medium   | unresolved | Detected possible formatted SQL query. Use parameterized queries instead.                                                                                                                                                                 | gabrielsoltz/steampipe-plugin-semgrep |
| untriaged    | medium   | unresolved | Service 'localstack' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this.                                                                                       | gabrielsoltz/steampipe-plugin-semgrep |
+--------------+----------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------+
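Building on the query above, the following is an added example (not from this README) that uses the same semgrep_finding table and columns to summarise unresolved findings per repository and severity, so that the triage backlog is visible at a glance. Steampipe exposes a PostgreSQL endpoint, so PostgreSQL syntax such as a filtered aggregate is assumed to be available.

```sql
-- Added example: unresolved Semgrep findings per repository and severity,
-- with the count of findings nobody has triaged yet listed first.
-- Assumes only columns shown in this README: repository (JSON with a
-- 'name' key), severity, state and triage_state.
select
  repository ->> 'name'                                    as repo_name,
  severity,
  count(*) filter (where triage_state = 'untriaged')       as untriaged,
  count(*)                                                 as total_unresolved
from
  semgrep_finding
where
  state = 'unresolved'
group by
  repo_name,
  severity
order by
  -- surface the most severe, least triaged backlog first
  case severity
    when 'critical' then 0
    when 'high'     then 1
    when 'medium'   then 2
    when 'low'      then 3
    else 4
  end,
  untriaged desc,
  total_unresolved desc;
```

Run it from the same steampipe query session as the quick-start query; the severity labels in the case expression are assumptions and can be adjusted to match the values your Semgrep deployment returns.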

Development

Prerequisites:

Clone:

git clone https://github.com/gabrielsoltz/steampipe-plugin-semgrep.git
cd steampipe-plugin-semgrep

Build, which automatically installs the new version to your ~/.steampipe/plugins directory:

make

Configure the plugin:

cp config/* ~/.steampipe/config
vi ~/.steampipe/config/semgrep.spc

Try it!

steampipe query
> .inspect semgrep

Further reading:

Contributing

Please see the contribution guidelines and our code of conduct. All contributions are subject to the Apache 2.0 open source license.
