Run all available rules on a repository
To scan your repository with all of the rules available in the Semgrep Registry, navigate to the root of your repository and run:
semgrep --config=r/all .
If you are not logged in, --config=r/all runs all public rules from the Semgrep Registry, including community-authored rules.
If you are logged in, --config=r/all runs all public rules from the Semgrep Registry, including community-authored rules, plus:
- Your organization's private rules in the Registry, excluding unlisted private rules
- Semgrep Pro rules, if you have a Team or Enterprise subscription
Running all rules is likely to produce a large number of findings, many of them false positives, so expect noise and plan to narrow the rule set once you know which rules matter for your codebase.
Error: "invalid configuration file found"
If you encounter the following error, one of the rules in your configuration (typically a custom rule) has a syntax error:
[ERROR] invalid configuration file found (1 configs were invalid)
To work around this error, while you correct the issues in the affected configuration file, run:
semgrep --config r/all . -d
semgrep --config ~/.semgrep/semgrep_rules.json .
The first command creates a cache of rules in semgrep_rules.json within the .semgrep directory in your home folder that omits the invalid rule. The second command runs a Semgrep scan using the local rule cache.