Annotation Interface SemgrepScan


@Documented
@Qualifier
@Retention(RUNTIME)
@Target(PARAMETER)
public @interface SemgrepScan
Tells the framework to inject the results of a Semgrep scan into the annotated parameter. Only parameters of type RuleSarif can be injected.
  • Optional Element Summary

    Optional Elements
    Modifier and Type    Optional Element    Description
    String               pathToYaml          The classpath resource path of the Semgrep YAML file.
    String               ruleId              The Semgrep rule "id" field from the YAML.
    String               yaml                A YAML string that represents Semgrep rule(s).
  • Element Details

    • yaml

      String yaml
      A YAML string that represents Semgrep rule(s).
      Default:
      ""
    • pathToYaml

      String pathToYaml
      The classpath resource path of the Semgrep YAML file. It is assumed the path will be in the same package as the Codemod.

      So, for instance, if you had a codemod in com.acme.codemods, and a YAML rule file in /com/acme/codemods/my-rule.yaml, you would simply specify "my-rule.yaml" for this value.

      Default:
      ""
    • ruleId

      String ruleId
      The Semgrep rule "id" field from the YAML. This is needed to disambiguate Semgrep results as we consolidate Semgrep rules into one scan. If unspecified, the rule ID will be assumed to be the one and only rule specified in the YAML. If there are multiple rules in the YAML, the rule desired by the codemod will be ambiguous and an error will occur.
      Default:
      ""
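
The ruleId behaviour described above, as an added example that is not code from the framework or its authors. Assumptions: the SemgrepScan declared inside the class is a local stand-in mirroring the three documented elements, Object stands in for RuleSarif, and the resolve and ruleIds helpers, the rule ids and the YAML are constructed for illustration (rule ids are found with a regex rather than a YAML parser).

```java
import java.lang.annotation.*;
import java.lang.reflect.Parameter;
import java.util.*;
import java.util.regex.*;
public class RuleIdResolutionDemo {
  // Local stand-in mirroring the three documented elements (NOT the framework's own type).
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER)
  @interface SemgrepScan { String yaml() default ""; String pathToYaml() default ""; String ruleId() default ""; }
  // Constructed sample: a single YAML document that holds two Semgrep rules.
  static final String TWO_RULES = """
      rules:
        - id: weak-random
          pattern: new Random()
          message: use SecureRandom
          languages: [java]
          severity: WARNING
        - id: weak-hash
          pattern: MessageDigest.getInstance("MD5")
          message: use SHA-256
          languages: [java]
          severity: WARNING
      """;
  // Hypothetical codemod-like constructors; Object stands in for RuleSarif.
  static class Explicit { Explicit(@SemgrepScan(yaml = TWO_RULES, ruleId = "weak-hash") Object sarif) {} }
  static class Ambiguous { Ambiguous(@SemgrepScan(yaml = TWO_RULES) Object sarif) {} }

  // Simplified extraction of rule ids (assumption: each rule starts with "- id: <value>").
  static List<String> ruleIds(String yaml) {
    List<String> ids = new ArrayList<>();
    Matcher m = Pattern.compile("(?m)^\\s*-\\s+id:\\s*(\\S+)\\s*$").matcher(yaml);
    while (m.find()) ids.add(m.group(1));
    return ids;
  }

  // Documented rule: an explicit ruleId wins; otherwise the YAML must contain exactly one rule.
  static String resolve(SemgrepScan scan) {
    if (!scan.ruleId().isEmpty()) return scan.ruleId();
    List<String> ids = ruleIds(scan.yaml());
    if (ids.size() != 1) throw new IllegalStateException("ruleId unspecified but YAML has " + ids.size() + " rules: " + ids);
    return ids.get(0);
  }

  public static void main(String[] args) {
    for (Class<?> c : List.of(Explicit.class, Ambiguous.class)) {
      Parameter p = c.getDeclaredConstructors()[0].getParameters()[0];
      try { System.out.println(c.getSimpleName() + " -> " + resolve(p.getAnnotation(SemgrepScan.class))); }
      catch (IllegalStateException e) { System.out.println(c.getSimpleName() + " -> error: " + e.getMessage()); }
    }
  }
}
```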