Semgrep Pro Tier Integration
Integrating with Semgrep Pro Tier
Overview
Semgrep Pro Tier integration lets you run Semgrep's commercial (Pro Tier) Static Code Analysis (SAST) and Software Component Analysis (SCA) from within Jit's platform, in place of the SAST and SCA tools Jit runs by default.
Activating and disabling Semgrep Pro Tier integration
To activate Semgrep Pro SAST & SCA
- From Semgrep's platform, select Settings > Tokens and create a new Agent (CI) token.
- From the Jit platform, select Settings > Secrets.
- Follow the instructions in Secrets to store this token as a secret named SEMGREP_TOKEN. Keep the token only in Jit Secrets; do not commit it to the repository that holds your Jit configuration.
- Activate the SAST and SCA plan items in the relevant security plan: go to Security Plans and open the plan. For example, SAST and SCA are part of the Jit MVS for AppSec Plan.
- Activate Semgrep's Pro Tier SAST & SCA by adding the following snippet at the bottom of the jit-plan.yml file in your .jit repository, or in the repository where you manage Jit's configurations:

    override:
      workflows:
        sca:
          jobs:
            software-component-analysis-semgrep-pro:
              enabled: true
        sast:
          jobs:
            static-code-analysis-semgrep-pro:
              enabled: true
- Disable the other SAST & SCA jobs so that they do not run alongside Semgrep Pro and produce conflicting findings. Note that each workflow enables its own Semgrep Pro job: software-component-analysis-semgrep-pro under sca and static-code-analysis-semgrep-pro under sast. Your jit-plan.yml overrides should look as follows:

    override:
      workflows:
        sca:
          jobs:
            software-component-analysis:
              enabled: false
            software-component-analysis-go:
              enabled: false
            software-component-analysis-js:
              enabled: false
            software-component-analysis-semgrep-pro:
              enabled: true
        sast:
          jobs:
            static-code-analysis-csharp:
              enabled: false
            static-code-analysis-go:
              enabled: false
            static-code-analysis-java:
              enabled: false
            static-code-analysis-js:
              enabled: false
            static-code-analysis-kotlin:
              enabled: false
            static-code-analysis-python:
              enabled: false
            static-code-analysis-python-semgrep:
              enabled: false
            static-code-analysis-rust:
              enabled: false
            static-code-analysis-scala:
              enabled: false
            static-code-analysis-swift:
              enabled: false
            static-code-analysis-ruby:
              enabled: false
            static-code-analysis-c-cpp:
              enabled: false
            static-code-analysis-semgrep-pro:
              enabled: true
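The override block above is easy to get wrong by hand: a job name from one workflow pasted under the other, or one of Jit's default jobs left enabled next to the Semgrep Pro job. The following Python script is an added example, not part of Jit's or Semgrep's tooling. It parses the override with a small indentation-based parser (it assumes the shape shown on this page, override > workflows > sca/sast > jobs > job name > enabled, with true/false leaves) and reports three problems: a default job still enabled alongside Semgrep Pro, a Semgrep Pro job placed under the wrong workflow, and a SEMGREP_TOKEN value written into the plan file instead of Jit Secrets. The sample overrides in the block are constructed for the demonstration.

```python
"""Sanity-check a jit-plan.yml override that switches SAST/SCA to Semgrep Pro.

Added example, not Jit's or Semgrep's own tooling. Assumes the override block
has the shape shown on this page:
    override -> workflows -> <sca|sast> -> jobs -> <job name> -> enabled
and that leaf values are the YAML booleans true/false.
"""
import textwrap

# The Semgrep Pro job each workflow should enable (job names from the page).
SEMGREP_PRO_JOBS = {
    "sca": "software-component-analysis-semgrep-pro",
    "sast": "static-code-analysis-semgrep-pro",
}


def parse_simple_yaml(text):
    """Parse the small YAML subset used by the override block: nested mappings
    whose leaves are scalars. Indentation decides nesting; blank lines and
    comments are ignored. Deliberately not a general YAML parser."""
    root = {}
    stack = [(-1, root)]  # (indent level, mapping being filled)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        while indent <= stack[-1][0]:  # close mappings nested deeper than this line
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # "key:" with nothing after it opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = {"true": True, "false": False}.get(value.lower(), value)
    return root


def _contains_key(node, wanted):
    """True if any mapping in the tree has the key `wanted`."""
    for key, value in node.items():
        if key == wanted or (isinstance(value, dict) and _contains_key(value, wanted)):
            return True
    return False


def check_overrides(text):
    """Return a list of problems with the override (an empty list means it is fine)."""
    problems = []
    tree = parse_simple_yaml(text)
    if _contains_key(tree, "SEMGREP_TOKEN"):
        problems.append("SEMGREP_TOKEN is written into the plan file; store it as a Jit secret instead")
    workflows = tree.get("override", {}).get("workflows", {})
    for workflow, expected in SEMGREP_PRO_JOBS.items():
        jobs = workflows.get(workflow, {}).get("jobs", {})
        if not jobs:
            continue  # workflow not overridden: Jit's default tools stay in place
        for name in jobs:
            if name.endswith("-semgrep-pro") and name != expected:
                problems.append(f"{workflow}: '{name}' belongs to another workflow, expected '{expected}'")
        enabled = [n for n, cfg in jobs.items()
                   if isinstance(cfg, dict) and cfg.get("enabled") is True]
        if expected not in enabled:
            problems.append(f"{workflow}: '{expected}' is not enabled")
        still_on = [n for n in enabled if n != expected and not n.endswith("-semgrep-pro")]
        if still_on:
            problems.append(f"{workflow}: jobs still enabled alongside Semgrep Pro: {', '.join(still_on)}")
    return problems


# Constructed samples for the demonstration.
GOOD_OVERRIDE = textwrap.dedent("""\
    override:
      workflows:
        sca:
          jobs:
            software-component-analysis:
              enabled: false
            software-component-analysis-js:
              enabled: false
            software-component-analysis-semgrep-pro:
              enabled: true
        sast:
          jobs:
            static-code-analysis-js:
              enabled: false
            static-code-analysis-python:
              enabled: false
            static-code-analysis-semgrep-pro:
              enabled: true
""")

# The copy-and-paste mistake: the SCA job name pasted under the sast workflow,
# so the Semgrep Pro SAST job is never enabled.
BAD_OVERRIDE = GOOD_OVERRIDE.replace(
    "static-code-analysis-semgrep-pro:", "software-component-analysis-semgrep-pro:")

# SAST only: the whole sca block deleted, so Jit's own SCA jobs keep running.
SAST_ONLY_OVERRIDE = textwrap.dedent("""\
    override:
      workflows:
        sast:
          jobs:
            static-code-analysis-js:
              enabled: false
            static-code-analysis-semgrep-pro:
              enabled: true
""")

if __name__ == "__main__":
    for label, sample in [("good", GOOD_OVERRIDE), ("bad", BAD_OVERRIDE),
                          ("sast-only", SAST_ONLY_OVERRIDE)]:
        print(label, check_overrides(sample) or "OK")
```

Run it against the override block you are about to commit; an empty result means exactly one Semgrep Pro job is enabled in each overridden workflow and no token has leaked into the plan file. Workflows you did not override at all (the SAST-only and SCA-only variants described below) pass, because Jit's defaults remain in force there.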
Additional information
- This code overrides the original Jit configuration by disabling Jit's SAST and SCA tools and enabling Semgrep's Pro Tier.
- You can add or delete this code any time you want to switch between Semgrep's Pro Tier and Jit's SAST / SCA.
- To activate only Semgrep's Pro Tier SAST, delete the entire sca block; Jit's own SCA jobs then keep running.
- To activate only Semgrep's Pro Tier SCA, delete the entire sast block; Jit's own SAST jobs then keep running.
To disable Semgrep's Pro Tier SAST & SCA
Delete the above code from your .jit/jit-plan.yml. This reverts your plan to Jit's tools for SAST and SCA.