Semgrep

Official
semgrep

Runs Semgrep static analysis scans to find security vulnerabilities and code quality issues in your code. Can scan with built-in rules or custom rules you create.


What it does

  • Scan code for security vulnerabilities
  • Run custom rule analysis on code
  • Fetch findings from Semgrep AppSec Platform
  • Generate Abstract Syntax Trees for code files
  • Get rule schemas for writing custom rules
  • Check supported programming languages

Best for

  • Developers reviewing code for security issues
  • Security teams auditing codebases
  • CI/CD pipeline integration for automated scanning
  • Code quality analysis during development

  • Both local and platform scanning options
  • Custom rule creation support
  • Multiple programming languages supported

Tools (8)

semgrep_rule_schema

Get the schema for a Semgrep rule. Use this tool when you need to:
  • get the schema required to write a Semgrep rule
  • see which fields are available in a Semgrep rule
  • verify that the syntax of a Semgrep rule is correct

get_supported_languages

Returns the list of languages Semgrep supports. Use this tool only when you are unsure whether Semgrep supports a given language.

semgrep_findings

Fetches findings from the Semgrep AppSec Platform Findings API. This tool retrieves security, code quality, and supply chain findings that previous Semgrep scans have already identified and uploaded to the Semgrep AppSec Platform. It does NOT perform a new scan or analyze code directly; it queries the Semgrep API for the historical scan results of a given repository or set of repositories.

Default behavior: filter by the current repository. The model should determine the current repository name and pass it in the 'repos' parameter so that findings are scoped to the relevant codebase. Users may explicitly request findings from other repositories, in which case the model should respect that request.

Use this tool when a prompt asks for a summary, list, or analysis of existing findings, such as:
  • "Please list the top 10 security findings and propose solutions for them."
  • "Show all open critical vulnerabilities in this repository."
  • "Summarize the most recent Semgrep scan results."
  • "Get findings from repository X" (explicitly requesting a different repository)

This tool is ideal for:
  • reviewing, listing, or summarizing findings from past scans
  • providing actionable insights or remediation advice based on existing scan data

Do NOT use this tool to perform a new scan or to check code that Semgrep has not yet analyzed. For new scans, use the appropriate scanning tool.

Args:
  • issue_type (Optional[List[str]]): Filter findings by type. Use 'sast' for code analysis findings and 'sca' for supply chain analysis findings (e.g., ['sast'], ['sca']).
  • status (Optional[str]): Filter findings by status (default: 'open').
  • repos (Optional[List[str]]): Repository names to filter results by. By default this should include the current repository name so that findings are scoped appropriately; it can be overridden when users explicitly request findings from other repositories.
  • severities (Optional[List[str]]): Filter findings by severity (e.g., ['critical', 'high']).
  • confidence (Optional[List[str]]): Filter findings by confidence level (e.g., ['high']).
  • autotriage_verdict (Optional[str]): Filter findings by auto-triage verdict (default: 'true_positive').
  • page (Optional[int]): Page number for paginated results (default: 0).
  • page_size (int): Number of findings per page (default: 100, min: 100, max: 3000).

Returns:
  List[Finding]: the findings matching the specified filters, where each finding carries details such as rule ID, description, severity, file location, and remediation guidance if available.
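The scoping rule above (default to the current repository, refuse to run unscoped, honour the documented defaults and page bounds) as an added Python example. This is not the Semgrep MCP server's own code; it assumes the repository name the Findings API expects is the `owner/repo` path of the git `origin` remote, and that the tool accepts exactly the keyword arguments listed above. The fallback repository name in the `__main__` block is constructed.

```python
"""Added example (not the Semgrep MCP server's code): build a correctly
scoped semgrep_findings request.

Assumptions: the Findings API repository name is the 'owner/repo' path of
the git remote, and the tool takes the keyword arguments documented above
(issue_type, status, repos, severities, confidence, autotriage_verdict,
page, page_size) with the documented defaults and bounds.
"""
import subprocess
from urllib.parse import urlparse

VALID_ISSUE_TYPES = {"sast", "sca"}


def repo_name_from_remote(url):
    """Reduce a git remote URL to its 'owner/repo' path.

    Handles https://, ssh:// and scp-style (git@host:owner/repo.git) remotes,
    dropping a trailing .git and any leading slash.
    """
    url = url.strip()
    if url.endswith(".git"):
        url = url[:-4]
    if "://" in url:
        path = urlparse(url).path
    elif ":" in url:
        path = url.split(":", 1)[1]      # scp-style: host:owner/repo
    else:
        path = url
    return path.strip("/")


def current_repo():
    """Name of the repository in the working directory, or None outside git.

    This is how the default scope ('filter by the current repository') can be
    derived before the tool is called.
    """
    try:
        out = subprocess.run(["git", "remote", "get-url", "origin"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return repo_name_from_remote(out.stdout)


def build_findings_filter(repos, issue_type=None, status="open", severities=None,
                          confidence=None, autotriage_verdict="true_positive",
                          page=0, page_size=100):
    """Assemble the filter for one semgrep_findings call.

    Enforces the documented defaults and page bounds and refuses an unscoped
    query, so a request never silently pulls findings from every repository
    the token can see.
    """
    if not repos:
        raise ValueError("scope the query to at least one repository")
    if issue_type is not None and not set(issue_type) <= VALID_ISSUE_TYPES:
        raise ValueError(f"issue_type must be drawn from {sorted(VALID_ISSUE_TYPES)}")
    if not 100 <= page_size <= 3000:
        raise ValueError("page_size must be between 100 and 3000")
    if page < 0:
        raise ValueError("page must be >= 0")
    params = {
        "repos": list(repos),
        "issue_type": issue_type,
        "status": status,
        "severities": severities,
        "confidence": confidence,
        "autotriage_verdict": autotriage_verdict,
        "page": page,
        "page_size": page_size,
    }
    # Drop unset optional filters so the API applies its own defaults.
    return {k: v for k, v in params.items() if v is not None}


if __name__ == "__main__":
    repo = current_repo() or "example-org/example-repo"   # fallback name is constructed
    # "Show all open critical vulnerabilities in this repository"
    print(build_findings_filter([repo], issue_type=["sast"], severities=["critical"]))
```

Keeping the repository derivation separate from the filter builder means an explicit "get findings from repository X" request is just a different `repos` argument; the defaults for `status` and `autotriage_verdict` stay in place unless the caller overrides them.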

semgrep_scan_with_custom_rule

Runs a Semgrep scan with a custom rule on the provided code content and returns the findings as JSON. Use this tool when you need to:
  • scan code files for a specific security vulnerability or other issue that the default Semgrep rules do not cover

semgrep_scan

Runs a Semgrep scan on the provided code content and returns the findings as JSON. Use this tool when you need to:
  • scan code files for security vulnerabilities
  • scan code files for other issues
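What the two scanning tools above do end to end (write a custom rule, run it with the semgrep CLI, read the JSON findings and decide whether a pipeline should fail), as an added Python example. This is not the Semgrep MCP server's code. The rule id `subprocess-shell-true-nonliteral`, the target snippet and `SAMPLE_OUTPUT` are all constructed for this example; `run_custom_rule` assumes the `semgrep` CLI is on PATH, and the helpers assume only the `results[].check_id / path / start.line / extra.severity / extra.message` fields of `semgrep --json` output.

```python
"""Added example (not the Semgrep MCP server's code): run a custom Semgrep
rule over a file with the semgrep CLI and gate on the JSON findings.

Assumptions: the `semgrep` CLI is on PATH for run_custom_rule(); the
parsing and gating helpers only need the --json output shape
(results[].check_id / path / start.line / extra.severity / extra.message).
"""
import json
import shutil
import subprocess
import tempfile
from collections import Counter
from pathlib import Path

# Custom rule written for this example: a subprocess call that passes a
# non-literal command string through a shell is an OS command injection sink.
# Only the positional command form is covered; args=... is not.
CUSTOM_RULE = """\
rules:
  - id: subprocess-shell-true-nonliteral
    languages: [python]
    severity: ERROR
    message: subprocess with shell=True and a non-literal command enables OS command injection (CWE-78)
    patterns:
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(run|call|check_call|check_output|Popen)$
"""

# Target code constructed for this example: one injectable call and two the
# rule must not flag (argv list without a shell; literal command string).
TARGET_CODE = '''\
import subprocess

def list_dir(user_input):
    subprocess.run("ls -l " + user_input, shell=True)   # flagged
    subprocess.run(["ls", "-l", user_input])            # argv list, no shell
    subprocess.run("ls -l /tmp", shell=True)            # literal command
'''

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}


def run_custom_rule(rule_yaml, code):
    """Write rule and target to a temp dir and run `semgrep scan --json`.

    Returns the parsed JSON document, or None when semgrep is not installed.
    """
    if shutil.which("semgrep") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        rule_path = Path(tmp, "rule.yaml")
        rule_path.write_text(rule_yaml)
        target_path = Path(tmp, "target.py")
        target_path.write_text(code)
        proc = subprocess.run(   # argv list, no shell: the form the rule recommends
            ["semgrep", "scan", "--config", str(rule_path), "--json",
             "--metrics=off", "--quiet", str(target_path)],
            capture_output=True, text=True, check=False,
        )
        return json.loads(proc.stdout)


def summarize(results):
    """Flatten CLI results into the fields a reviewer triages on."""
    return [
        {"rule": r["check_id"], "path": r["path"], "line": r["start"]["line"],
         "severity": r["extra"]["severity"], "message": r["extra"]["message"]}
        for r in results
    ]


def count_by_rule(results):
    """Findings per rule id, most frequent first."""
    return Counter(r["check_id"] for r in results).most_common()


def should_block(results, threshold="ERROR"):
    """CI gate: True if any finding is at or above the threshold severity."""
    floor = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(r["extra"]["severity"], 0) >= floor for r in results)


# Constructed sample mirroring the `semgrep --json` shape so the helpers can
# be exercised without the CLI; the second finding is a made-up style rule.
SAMPLE_OUTPUT = {
    "results": [
        {"check_id": "subprocess-shell-true-nonliteral", "path": "target.py",
         "start": {"line": 4, "col": 5}, "end": {"line": 4, "col": 54},
         "extra": {"severity": "ERROR",
                   "message": "subprocess with shell=True and a non-literal command"}},
        {"check_id": "example-style-rule", "path": "target.py",
         "start": {"line": 1, "col": 1}, "end": {"line": 1, "col": 18},
         "extra": {"severity": "WARNING", "message": "style nit (constructed)"}},
    ],
    "errors": [],
}

if __name__ == "__main__":
    output = run_custom_rule(CUSTOM_RULE, TARGET_CODE) or SAMPLE_OUTPUT
    for f in summarize(output["results"]):
        print(f"{f['severity']:8} {f['path']}:{f['line']} {f['rule']}")
    print("by rule:", count_by_rule(output["results"]))
    print("block merge:", should_block(output["results"]))
```

With semgrep installed, the script scans the constructed target with the custom rule and prints whatever the CLI reports; without it, the same helpers run over the constructed sample. The `pattern-not` clause is what keeps the rule from firing on a fixed command string, and the `metavariable-regex` limits it to the subprocess entry points that actually spawn a process; the gate treats anything at or above the chosen severity as blocking, so WARNING-level style findings never fail a build unless the threshold is lowered.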

Alternatives