Semgrepper

The extension integrates Semgrep static analysis into passive scanning, allowing users to apply custom Semgrep rules against HTTP responses. It enables security testing based on community-contributed rulesets, particularly useful for detecting client-side issues in JavaScript and other front-end technologies.

Features

• Multiple tabs for organizing different Semgrep rules and scopes
• Select individual files or entire directories of Semgrep YAML rule files
• Configure scope conditions based on presence or absence of content in response headers or body
• Enable or disable rule checks without unloading the extension

Prerequisites

This extension requires the Semgrep CLI to be installed on your system.

For Ubuntu, Windows through Windows Subsystem for Linux (WSL), Linux, macOS:

python3 -m pip install semgrep

For macOS:

brew install semgrep

Usage

1. In the "Rules Files" tab, choose the Semgrep YAML rules you want to apply.
2. In the "Scope" tab, set conditions that determine whether a rule applies to a specific response.
3. Use the toggle switch to activate or deactivate scanning for the current tab.
4. Passive scanning will apply the selected Semgrep rules to matching responses based on the defined scope.