Use Semgrep patterns
Since Packmind 4.12.0 (released in May 2023), it's possible to write Semgrep patterns to detect best practices.
Semgrep is an open-source, lightweight static analysis tool for code. Semgrep aims to help developers identify security vulnerabilities, bugs, and potential issues in their code by scanning it for patterns and expressions. The tool supports 30+ programming languages, including Python, JavaScript and Go. The complete list of supported languages is available here.
Semgrep's name is derived from "semantic grep", as it extends the functionality of the traditional grep UNIX command to encompass abstract syntax trees (ASTs) and the semantic structure of code rather than merely searching for text patterns.
One key feature is defining custom rules using a simple YAML-based syntax. With Packmind, you can define a custom rule for your best practice whenever the practice can be expressed as one. This offers a more advanced mechanism than regular expressions.
The best way to learn to write Semgrep rules is to check the Semgrep documentation.
The doc center also offers an interactive tutorial to write your first rules. You can browse the public registry to explore rules and examples of patterns.
Finally, reach the #support channel in our public Slack to get support; we'd be happy to help you write your rules.
To add a Semgrep pattern to a best practice, open it and click on the Configure Automatic Suggestion link to open this window, and click on the button Add a Semgrep configuration.
You'll get this configuration panel where you're invited to write the Semgrep patterns section of the rule:
As you can see, only a sub-part of a full Semgrep rule description is needed. If we consider a complete Semgrep rule, only the pattern / patterns section is required:
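As an added illustration (not taken from the Packmind documentation), here is a complete Semgrep rule for a hypothetical Python best practice, "always set an explicit timeout on outbound HTTP calls". In Packmind only the `patterns` block is pasted into the configuration panel and the language is selected there; the surrounding `id`, `severity` and `message` keys are Semgrep-level metadata that Packmind does not need.

```yaml
rules:
  - id: requests-call-without-timeout
    languages: [python]
    severity: WARNING
    message: >-
      Outbound HTTP call without an explicit timeout: a stalled server can
      block the caller indefinitely. Pass timeout=<seconds>.
    # Everything from "patterns:" down is the part Packmind asks for.
    patterns:
      # Match any call on the requests module: requests.get(...), requests.post(...), ...
      - pattern: requests.$METHOD(...)
      # ... but drop matches that already pass a timeout keyword argument,
      # wherever it appears in the argument list.
      - pattern-not: requests.$METHOD(..., timeout=$T, ...)
      # Restrict $METHOD to the HTTP verbs, so helpers such as requests.Session()
      # are not reported.
      - metavariable-regex:
          metavariable: $METHOD
          regex: ^(get|post|put|patch|delete|head|options)$
```

With this rule, `requests.get(url)` is reported while `requests.get(url, timeout=5)` and `requests.Session()` are not; the `timeout=$T` metavariable accepts any value, so the rule enforces presence of the argument, not a particular number.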
You'll need to specify the target programming language of the rule. Indeed, unlike regular expressions, Semgrep is aware of the code structure of each of its supported languages.
Before saving a rule, Packmind will check whether the configuration is valid. The message "Pattern is invalid." indicates that your pattern must be fixed.
Other examples are available on the public Semgrep Registry.