or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

cicd-integration.mdconfiguration.mdcore-scanning.mderror-handling.mdindex.mdoutput-formatting.mdrules-matches.mdtarget-management.md

configuration.mddocs/

0
# Configuration Management
1


2
The configuration system handles loading, validating, and managing semgrep configurations from various sources including local files, rule registries, and cloud platforms.
3


4
## Capabilities
5


6
### Configuration Loading
7


8
Main functions for loading and resolving semgrep configurations.
9


10
```python { .api }
11
def get_config(
12
    pattern: Optional[str],
13
    lang: Optional[str],
14
    config_strs: Sequence[str],
15
    *,
16
    project_url: Optional[str],
17
    replacement: Optional[str] = None,
18
    no_rewrite_rule_ids: bool = False,
19
    force_jsonschema: bool = False,
20
    no_python_schema_validation: bool = False,
21
) -> Tuple[Config, List[SemgrepError]]:
22
    """
23
    Get configuration from various sources.
24
    
25
    Parameters:
26
    - pattern (Optional[str]): Inline pattern to search for
27
    - lang (Optional[str]): Programming language to target  
28
    - config_strs (Sequence[str]): Sequence of config sources (files, registries, URLs)
29
    - project_url (Optional[str]): Project URL for context (keyword-only)
30
    - replacement (Optional[str]): Replacement string for autofix (keyword-only)
31
    - no_rewrite_rule_ids (bool): Disable rule ID rewriting (keyword-only)
32
    - force_jsonschema (bool): Force JSON schema validation (keyword-only)
33
    - no_python_schema_validation (bool): Skip Python schema validation (keyword-only)
34
    
35
    Returns:
36
    Tuple[Config, List[SemgrepError]]: Configuration object and any errors encountered
37
    """
38


39
def resolve_config(config_strings):
40
    """
41
    Resolve configuration strings to actual config objects.
42
    
43
    Parameters:
44
    - config_strings (list): List of configuration identifiers
45
    
46
    Returns:
47
    list: Resolved configuration objects
48
    """
49


50
def manual_config(rules_data, **kwargs):
51
    """
52
    Create configuration manually from rule data.
53
    
54
    Parameters:
55
    - rules_data (dict): Rule definitions and metadata
56
    - **kwargs: Additional configuration options
57
    
58
    Returns:
59
    Config: Manually created configuration object
60
    """
61
```
62


63
### Configuration Parsing
64


65
Functions for parsing and validating configuration content.
66


67
```python { .api }
68
def parse_config_string(config_str, config_id=None):
69
    """
70
    Parse YAML configuration string into rules.
71
    
72
    Parameters:
73
    - config_str (str): YAML configuration content
74
    - config_id (str, optional): Identifier for the configuration
75
    
76
    Returns:
77
    list: Parsed rule objects
78
    """
79


80
def validate_single_rule(rule_dict):
81
    """
82
    Validate a single rule against the schema.
83
    
84
    Parameters:
85
    - rule_dict (dict): Rule definition to validate
86
    
87
    Returns:
88
    Rule: Validated rule object
89
    
90
    Raises:
91
    InvalidRuleSchemaError: If rule validation fails
92
    """
93
```
94


95
## Classes
96


97
### Configuration Classes
98


99
```python { .api }
100
class Config:
101
    """
102
    Main configuration container for semgrep scans.
103
    
104
    Attributes:
105
    - rules (list): List of Rule objects to execute
106
    - metadata (dict): Configuration metadata and settings
107
    - rule_source (RuleScanSource): Source of the rules
108
    - valid (bool): Whether configuration is valid
109
    """
110
    def __init__(self, rules=None, **kwargs): ...
111
    
112
    def add_rule(self, rule): ...
113
    def remove_rule(self, rule_id): ...
114
    def get_rules_by_language(self, language): ...
115


116
class ConfigLoader:
117
    """
118
    Loads and validates configurations from various sources.
119
    
120
    Methods for loading from files, registries, and remote sources.
121
    """
122
    def __init__(self, **kwargs): ...
123
    
124
    def load_from_file(self, config_path): ...
125
    def load_from_registry(self, registry_id): ...  
126
    def load_from_url(self, url): ...
127
    def validate_config(self, config): ...
128


129
class ConfigFile:
130
    """
131
    Represents a configuration file with metadata.
132
    
133
    Attributes:
134
    - config_id (str): Unique identifier for the config
135
    - contents (str): Raw configuration content
136
    - config_path (str): Path to the configuration file
137
    """
138
    config_id: str
139
    contents: str  
140
    config_path: str
141
```
142


143
### Configuration Types
144


145
```python { .api }
146
class ConfigType:
147
    """
148
    Enumeration of configuration source types.
149
    
150
    Values:
151
    - REGISTRY: Configuration from semgrep registry
152
    - SEMGREP_CLOUD_PLATFORM: Configuration from semgrep cloud
153
    - LOCAL: Local configuration files
154
    """
155
    REGISTRY = "registry"
156
    SEMGREP_CLOUD_PLATFORM = "semgrep_cloud_platform"
157
    LOCAL = "local"
158
```
159


160
## Usage Examples
161


162
### Loading Rules from Registry
163


164
```python
165
from semgrep.config_resolver import get_config
166


167
# Load security audit rules
168
config = get_config(config_strs=["p/security-audit"])
169


170
# Load multiple rule sets
171
config = get_config(config_strs=["p/security-audit", "p/owasp-top-ten"])
172


173
# Load local configuration file
174
config = get_config(config_strs=["./my-rules.yml"])
175
```
176


177
### Creating Custom Configuration
178


179
```python
180
from semgrep.config_resolver import manual_config, parse_config_string
181


182
# Parse YAML rule content
183
yaml_content = """
184
rules:
185
- id: test-rule
186
  pattern: password = "..."
187
  message: Hard-coded password
188
  languages: [python]
189
  severity: ERROR
190
"""
191


192
rules = parse_config_string(yaml_content)
193
config = manual_config({"rules": rules})
194
```