Language / Framework:
Checks: ~5
Categories:

Semgrep is a lightweight, offline, open-source static analysis tool. Due to licensing, it doesn't ship with the community-created Semgrep rules, but you're free to use them in your own project.

Enable the Plugin

To enable Semgrep analysis, add the following to your .codeclimate.yml configuration file:

plugins:
  semgrep:
    enabled: true

More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate

Configure the Plugin

You may specify custom settings for the Semgrep plugin under the plugin's config node in your .codeclimate.yml:

plugins:
  semgrep:
    enabled: true
    config:
      - A
      - B
      - C

Understand the Plugin