Skip to main content

Semgrep

Semgrep is a code analysis tool that scans code to find and fix security vulnerabilities, bugs, and style issues in your organization's codebase. You can bring analysis data from Semgrep into Brinqa to prioritize and track the remediation efforts of those potential code issues to gain a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Semgrep and how to obtain that information from Semgrep. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Semgrep from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Semgrep with Brinqa:

  • API URL: The Semgrep API URL. The default URL is https://semgrep.dev.

  • Access Token: The access token associated with the Semgrep account, which must have permissions to log in to the API server and return data.

    note

    The Semgrep account must be a Team or Enterprise tier account in order for the Semgrep connector to make API calls and return data.

Create a Semgrep access token

For the Semgrep connector to use the Semgrep Web API, you must provide an access token. Semgrep does not allow retrieving the access token for an existing user, therefore, you must generate a new access token instead. To do so, follow these steps:

  1. Log in to the Semgrep application at https://semgrep.dev/login.

  2. Navigate to Settings and click Tokens.

  3. Click API tokens and then click Create new token.

  4. The Create a token window appears with the new token. Give the token a name or leave it as is.

    You cannot view the token after this. Copy the access token (Secrets value) and save it to a secure location.

  5. Under Token scopes, select Web API. This ensures that the Semgrep connector pulls information from the Semgrep Web API.

  6. Click Save.

    Semgrep access token user interface

note

The above steps describe the minimum requirements for the Semgrep connector to work properly with Brinqa. For additional information, see Semgrep documentation.

Additional settings

The Semgrep connector contains additional options for specific configuration:

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Semgrep API before giving up and reporting a failure. The default setting is 10.

Types of data to retrieve

The Semgrep connector can retrieve the following types of data from the Semgrep API:

Table 1: Data retrieved from Semgrep

Connector ObjectRequiredMaps to Data Model
Semgrep Code ProjectYesCode Project
Semgrep Open Source FindingYesOpen Source Finding
Semgrep Open Source Finding DefinitionYesOpen Source Finding Definition
Semgrep Static Code FindingYesStatic Code Finding
Semgrep Static Code Finding DefinitionYesStatic Code Finding Definition
info

The Semgrep connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Semgrep in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Semgrep Code Project

Table 2: Semgrep Code Project Attribute Mappings

Semgrep Field NameMaps to Brinqa Attribute
activestatus
project.categoriescategories
project.namename
project.nameuid
project.tagstags
project.urlurl
Semgrep Open Source Finding

Table 3: Semgrep Open Source Finding Attribute Mappings

Semgrep Field NameMaps to Brinqa Attribute
buildPath(finding.location)path
finding.confidenceconfidence
finding.first_seen_scan_idfirstSeenScanId
finding.iduid
finding.location.columnstartColumn
finding.location.linestartLine
finding.location.endColumnendColumn
finding.location.endLineendLine
finding.match_based_idmatchBasedId
finding.refsourceRef
finding.repository.nametargets
finding.repository.urlrepositoryUrl
finding.relevant_sincefirstFound
finding.rule.cweNamescweIds
finding.rule.messageruleMessage
finding.rule.nametype
finding.statusproviderStatus
finding.statussourceStatus
finding.syntactic_idsyntacticId
finding.triage_commenttriagedComment
finding.triage_statetriageState
finding.triaged_atlastFixed
finding.triaged_attriagedAt
normalizeFindingStatus(finding.status)sourceStatus
rule.cweNamesweaknesses
Semgrep Open Source Finding Definition

Table 4: Semgrep Open Source Finding Definition Attribute Mappings

Semgrep Field NameMaps to Brinqa Attribute
finding.fix_recommendations.each → packageName + " : " + versionfixRecommendations
finding.idname, uid
finding.rule.cweNamescweIds, weaknesses
finding.rule.message.get(DESCRIPTION)description
finding.rule.message.get(RECOMMENDATION)recommendation
finding.severitysourceSeverity
finding.vulnerability_identifiercveIds
getFindingSeverityScore(finding.severity)severityScore
normalizeFindingSeverity(finding.severity)severity
Semgrep Static Code Finding

Table 5: Semgrep Static Code Finding attribute mappings

Semgrep Field NameMaps to Brinqa Attribute
buildPath(finding.location)path
finding.confidenceconfidence
finding.first_seen_scan_idfirstSeenScanId
finding.iduid
finding.location.columnstartColumn
finding.location.end_columnendColumn
finding.location.end_lineendLine
finding.location.linestartLine
finding.match_based_idmatchBasedId
finding.refsourceRef
finding.repository.nametargets
finding.repository.urlrepositoryUrl
finding.relevant_sincefirstFound
finding.rule.messageruleMessage
finding.rule.nametype
finding.sourcing_policy.asStringsourcingPolicy
finding.statusproviderStatus
finding.syntactic_idsyntacticId
finding.triage_commenttriagedComment
finding.triage_statetriageState
finding.triaged_atlastFixed, triagedAt
normalizeFindingStatus(finding.status)sourceStatus
Semgrep Static Code Finding Definition

Table 6: Semgrep Static Code Finding Definition attribute mappings

Semgrep Field NameMaps to Brinqa Attribute
finding.idname, uid
finding.rule.cweNamescweIds, weaknesses
finding.rule.message.get(DESCRIPTION)description
finding.rule.message.get(RECOMMENDATION)recommendation
finding.severitysourceSeverity
getFindingSeverityScore(finding.severity)severityScore
normalizeFindingSeverity(finding.severity)severity

APIs

The Semgrep connector uses the Semgrep Web API v1. Specifically, it uses the following endpoints:

Table 7: Semgrep API Endpoints

Connector ObjectAPI Endpoint
Semgrep Code ProjectGET /api/v1/deployments/{deploymentSlug}/projects
Semgrep Open Source FindingGET /api/v1/deployments/{deploymentSlug}/findings
Semgrep Open Source Finding DefinitionGET /api/v1/deployments/{deploymentSlug}/findings
Semgrep Static Code FindingGET /api/v1/deployments/{deploymentSlug}/findings
Semgrep Static Code Finding DefinitionGET /api/v1/deployments/{deploymentSlug}/findings

Changelog

The Semgrep connector has undergone the following changes:

Table 8: Semgrep connector changelog

VersionDescriptionDate Published
3.0.2- The connector now retrieves the Open Source Finding and Open Source Finding Definition objects from Semgrep, adding support for ingesting SCA findings.
- Updated several mappings on the Static Code Finding and Static Code Finding Definition objects.
September 26th, 2025
3.0.1- Fixed data type mismatches.
- Code cleanup and general maintenance.
August 29th, 2025
3.0.0Initial Integration+ release.January 23rd, 2023