Triage

Semgrep

With SecApps Triage and SecApps Connect, you can ingest data from external tools such as Semgrep. Here is how you can do it.

  1. Open SecApps Connect.
  2. Select your preferred team, if you have any.
  3. Click the "Add Connect" button in the toolbar.
  4. Add a name and a description. You can also leave these fields blank.
  5. Select the "Hook" service.
  6. Select the "semgrep" resource.
  7. Select the "Triage" type.
  8. Adjust the configuration options to match your specific needs.
  9. Click "Add".

The newly created SecApps Connect resource should read "resources matching semgrep from service hook export vulnerabilities to triage".

Connect Semgrep

Copy the hook URL. You will find this information at the bottom of the configuration screen. You will use this information to configure Semgrep next.

Connect Semgrep Hook URL

Semgrep Direct Upload

You can use this method to upload the report directly from Semgrep. Use the hook URL as the value of the --json -o option, like this:

semgrep --json -o "$SA_CONNECT_HOOK_URL" --config=auto /path/to/scan

The only options specific to SecApps Connect are --json -o "$SA_CONNECT_HOOK_URL", where the variable holds the URL endpoint copied in the previous step.

Semgrep Secondary Upload

You can upload any Semgrep JSON document to SecApps Connect with essential tools such as curl. Use the --json -o option to save a JSON document first:

semgrep --json -o output.json --config=auto /path/to/scan

After that, you can upload the document to SecApps Triage like this:

curl -X PUT "$SA_CONNECT_HOOK_URL" --data @output.json
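
The secondary upload steps above, combined into a wrapper for a CI job. This is an added example, not part of the SecApps documentation. The function names, the exit codes and the HTTPS-only rule are assumptions of this example.

```sh
#!/bin/sh
# Added example: guarded Semgrep -> SecApps Connect upload for a CI job.
# Assumes SA_CONNECT_HOOK_URL holds the hook URL copied from SecApps Connect.

# Accept only a non-empty https:// URL, so the report never travels in clear text.
hook_url_ok() {
  case "${1:-}" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Cheap sanity check (not a JSON parser): the file is non-empty, starts with "{"
# and contains the top-level "results" key found in Semgrep JSON output.
report_ok() {
  [ -s "$1" ] || return 1
  [ "$(head -c 1 "$1")" = "{" ] || return 1
  grep -q '"results"' "$1"
}

# Scan a path, check the report, then PUT it to the hook.
# Exit codes (chosen for this example): 2 bad URL, 3 scan failed, 4 bad report.
semgrep_to_triage() {
  target=$1
  hook_url_ok "${SA_CONNECT_HOOK_URL:-}" || { echo "bad or missing hook URL" >&2; return 2; }
  report=$(mktemp) || return 1
  semgrep --json -o "$report" --config=auto "$target" || { rm -f "$report"; return 3; }
  report_ok "$report" || { echo "not a Semgrep JSON report" >&2; rm -f "$report"; return 4; }
  # --fail makes curl exit non-zero on HTTP 4xx/5xx, so a rejected upload fails the job.
  status=0
  curl --fail --silent --show-error -X PUT "$SA_CONNECT_HOOK_URL" --data @"$report" || status=$?
  rm -f "$report"
  return "$status"
}

# Runs only when asked: sh upload.sh --scan /path/to/scan
if [ "${1:-}" = "--scan" ]; then
  semgrep_to_triage "${2:?path to scan}"
fi
```

Anyone who holds the hook URL can push findings into Triage, so store it as a CI secret rather than committing it to the repository.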