CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-semgrep

Lightweight static analysis for many languages with programmatic Python API for custom integrations.

Pending
Overview
Eval results
Files

configuration.mddocs/

Configuration Management

The configuration system handles loading, validating, and managing semgrep configurations from various sources including local files, rule registries, and cloud platforms.

Capabilities

Configuration Loading

Main functions for loading and resolving semgrep configurations.

def get_config(
    pattern: Optional[str],
    lang: Optional[str],
    config_strs: Sequence[str],
    *,
    project_url: Optional[str],
    replacement: Optional[str] = None,
    no_rewrite_rule_ids: bool = False,
    force_jsonschema: bool = False,
    no_python_schema_validation: bool = False,
) -> Tuple[Config, List[SemgrepError]]:
    """
    Get configuration from various sources.
    
    Parameters:
    - pattern (Optional[str]): Inline pattern to search for
    - lang (Optional[str]): Programming language to target  
    - config_strs (Sequence[str]): Sequence of config sources (files, registries, URLs)
    - project_url (Optional[str]): Project URL for context (keyword-only)
    - replacement (Optional[str]): Replacement string for autofix (keyword-only)
    - no_rewrite_rule_ids (bool): Disable rule ID rewriting (keyword-only)
    - force_jsonschema (bool): Force JSON schema validation (keyword-only)
    - no_python_schema_validation (bool): Skip Python schema validation (keyword-only)
    
    Returns:
    Tuple[Config, List[SemgrepError]]: Configuration object and any errors encountered
    """

def resolve_config(config_strings):
    """
    Resolve configuration strings to actual config objects.
    
    Parameters:
    - config_strings (list): List of configuration identifiers
    
    Returns:
    list: Resolved configuration objects
    """

def manual_config(rules_data, **kwargs):
    """
    Create configuration manually from rule data.
    
    Parameters:
    - rules_data (dict): Rule definitions and metadata
    - **kwargs: Additional configuration options
    
    Returns:
    Config: Manually created configuration object
    """

Configuration Parsing

Functions for parsing and validating configuration content.

def parse_config_string(config_str, config_id=None):
    """
    Parse YAML configuration string into rules.
    
    Parameters:
    - config_str (str): YAML configuration content
    - config_id (str, optional): Identifier for the configuration
    
    Returns:
    list: Parsed rule objects
    """

def validate_single_rule(rule_dict):
    """
    Validate a single rule against the schema.
    
    Parameters:
    - rule_dict (dict): Rule definition to validate
    
    Returns:
    Rule: Validated rule object
    
    Raises:
    InvalidRuleSchemaError: If rule validation fails
    """

Classes

Configuration Classes

class Config:
    """
    Main configuration container for semgrep scans.
    
    Attributes:
    - rules (list): List of Rule objects to execute
    - metadata (dict): Configuration metadata and settings
    - rule_source (RuleScanSource): Source of the rules
    - valid (bool): Whether configuration is valid
    """
    def __init__(self, rules=None, **kwargs): ...
    
    def add_rule(self, rule): ...
    def remove_rule(self, rule_id): ...
    def get_rules_by_language(self, language): ...

class ConfigLoader:
    """
    Loads and validates configurations from various sources.
    
    Methods for loading from files, registries, and remote sources.
    """
    def __init__(self, **kwargs): ...
    
    def load_from_file(self, config_path): ...
    def load_from_registry(self, registry_id): ...  
    def load_from_url(self, url): ...
    def validate_config(self, config): ...

class ConfigFile:
    """
    Represents a configuration file with metadata.
    
    Attributes:
    - config_id (str): Unique identifier for the config
    - contents (str): Raw configuration content
    - config_path (str): Path to the configuration file
    """
    config_id: str
    contents: str  
    config_path: str

Configuration Types

class ConfigType:
    """
    Enumeration of configuration source types.
    
    Values:
    - REGISTRY: Configuration from semgrep registry
    - SEMGREP_CLOUD_PLATFORM: Configuration from semgrep cloud
    - LOCAL: Local configuration files
    """
    REGISTRY = "registry"
    SEMGREP_CLOUD_PLATFORM = "semgrep_cloud_platform"
    LOCAL = "local"

Usage Examples

Loading Rules from Registry

from semgrep.config_resolver import get_config

# Load security audit rules
config = get_config(config_strs=["p/security-audit"])

# Load multiple rule sets
config = get_config(config_strs=["p/security-audit", "p/owasp-top-ten"])

# Load local configuration file
config = get_config(config_strs=["./my-rules.yml"])

Creating Custom Configuration

from semgrep.config_resolver import manual_config, parse_config_string

# Parse YAML rule content
yaml_content = """
rules:
- id: test-rule
  pattern: password = "..."
  message: Hard-coded password
  languages: [python]
  severity: ERROR
"""

rules = parse_config_string(yaml_content)
config = manual_config({"rules": rules})

Install with Tessl CLI

npx tessl i tessl/pypi-semgrep

docs

cicd-integration.md

configuration.md

core-scanning.md

error-handling.md

index.md

output-formatting.md

rules-matches.md

target-management.md

tile.json