With SecApps Triage and SecApps Connect, you can ingest data from external tools such as Semgrep. Here is how you can do it.
- Open SecApps Connect.
- Select your preferred team, if you have one.
- Click the "Add Connect" button in the toolbar.
- Add a name and a description. You can also leave these fields blank.
- Select "Hook" service.
- Select "semgrep" resource.
- Select "Triage" type.
- Adjust the configuration options to match your specific needs.
- Click "Add".
The newly created SecApps Connect resource should read "resources matching semgrep from service hook export vulnerabilities to triage".
Copy the hook URL. You will find this information at the bottom of the configuration screen. You will use this information to configure Semgrep next.
Semgrep Direct Upload
You can use this method to upload the report directly from Semgrep. Pass the hook URL to the --json -o option like this:
semgrep --json -o $SA_CONNECT_HOOK_URL --config=auto /path/to/scan
The only SecApps Connect-specific options are --json -o $SA_CONNECT_HOOK_URL, where $SA_CONNECT_HOOK_URL is the hook URL copied in the previous step.
Semgrep Secondary Upload
You can upload any Semgrep JSON document to SecApps Connect with essential tools such as curl. Use the --json -o option to save a JSON document first:
semgrep --json -o output.json --config=auto /path/to/scan
After that you can upload the document to SecApps Triage like this:
curl -X PUT $SA_CONNECT_HOOK_URL -H 'Content-Type: application/json' --data @output.json
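The secondary upload wrapped as a CI step, as an added example that is not SecApps' or Semgrep's own code: it checks that the file really is a Semgrep JSON report before sending it, and fails the job unless the hook answers with a 2xx status. It assumes python3 and curl are installed and that the hook URL is supplied through the SA_CONNECT_HOOK_URL environment variable, as on this page.

```shell
#!/bin/sh
# Added example, not SecApps' or Semgrep's own code: the two-step
# "secondary upload" flow for CI, with a sanity check on the report and a
# check on the hook's HTTP status. Assumes python3 and curl are present.
set -eu

# Refuse to upload anything that is not a Semgrep JSON report. Semgrep's JSON
# output always carries top-level "results" and "errors" arrays.
validate_semgrep_report() {
  report="$1"
  [ -s "$report" ] || { echo "empty or missing report: $report" >&2; return 1; }
  python3 - "$report" <<'PY'
import json, sys
with open(sys.argv[1]) as f:
    doc = json.load(f)
for key in ("results", "errors"):
    if not isinstance(doc.get(key), list):
        sys.exit("not a Semgrep JSON report: missing %r array" % key)
print("%d finding(s), %d scanner error(s)" % (len(doc["results"]), len(doc["errors"])))
PY
}

# PUT the report to the hook exactly as the page does, but fail unless
# SecApps Connect answers with a 2xx status. The hook URL is read from the
# environment so it is not hard-coded in the repository.
upload_semgrep_report() {
  report="$1"; hook="${2:-${SA_CONNECT_HOOK_URL:?set SA_CONNECT_HOOK_URL}}"
  status=$(curl -sS -o /dev/null -w '%{http_code}' -X PUT "$hook" \
             -H 'Content-Type: application/json' --data "@$report")
  case "$status" in
    2??) echo "uploaded $report (HTTP $status)" ;;
    *)   echo "upload rejected (HTTP $status)" >&2; return 1 ;;
  esac
}

# Scan, validate, upload. Usage: SA_RUN=1 SA_CONNECT_HOOK_URL=... ./upload.sh /path/to/scan
scan_and_upload() {
  target="${1:-.}"; report="${2:-output.json}"
  semgrep --json -o "$report" --config=auto "$target"
  validate_semgrep_report "$report"
  upload_semgrep_report "$report"
}

# Without SA_RUN=1, only run an offline self-check against a constructed
# (not real) empty report, so the script can be exercised without Semgrep.
if [ "${SA_RUN:-}" = "1" ]; then
  scan_and_upload "$@"
else
  sample=$(mktemp); printf '{"results":[],"errors":[]}' > "$sample"
  validate_semgrep_report "$sample"; rm -f "$sample"
fi
```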