Semgrep Integration
Semgrep is an open-source static analysis tool for detecting code patterns and security vulnerabilities in source code.
How does this integration help Sprinto?
The integration below assists Sprinto in meeting compliance requirements for vulnerability monitoring on code repositories classified as production. Sprinto detects vulnerabilities from your configured Semgrep account and, with the assistance of Sprinto's checks, ensures they are resolved within the defined SLA (Service Level Agreement).
Sprinto checks for Semgrep integration
Following are the Sprinto checks available for the Semgrep integration:
Semgrep vulnerability alert should be resolved within SLA
This check activates when Sprinto detects a vulnerability with Open status on your configured Semgrep account. To fix this check, resolve the detected vulnerability at the source.
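As an added example (not Sprinto's or Semgrep's own code), the evaluation behind this check can be modelled over a list of findings: the finding fields, the constructed sample data and the SLA table below are assumptions.

```python
"""Illustrative SLA evaluator for Semgrep-style findings (example code,
not Sprinto's or Semgrep's). Finding fields and SLA values are assumed."""
from datetime import datetime, timedelta

# Assumed SLA in days per severity; the real values are configured in Sprinto.
SLA_DAYS = {"high": 7, "medium": 30, "low": 90}

# Constructed sample findings, loosely shaped like Semgrep findings.
SAMPLE_FINDINGS = [
    {"id": 1, "status": "open", "severity": "high",
     "created_at": "2024-05-01T10:00:00Z", "repository": "payments-api"},
    {"id": 2, "status": "fixed", "severity": "high",
     "created_at": "2024-04-01T10:00:00Z", "repository": "payments-api"},
    {"id": 3, "status": "open", "severity": "low",
     "created_at": "2024-05-20T10:00:00Z", "repository": "web-frontend"},
    {"id": 4, "status": "open", "severity": "medium",
     "created_at": "2024-03-01T10:00:00Z", "repository": "web-frontend"},
]


def parse_ts(value: str) -> datetime:
    # Timestamps carry a trailing "Z"; older fromisoformat needs "+00:00".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def sla_breaches(findings, now, sla_days=SLA_DAYS):
    """Return open findings whose age exceeds the SLA for their severity."""
    breaches = []
    for f in findings:
        if f["status"] != "open":
            continue  # Only open findings count toward the check
        limit = sla_days.get(f["severity"].lower())
        if limit is None:
            continue  # No SLA defined for this severity: do not guess
        age = now - parse_ts(f["created_at"])
        if age > timedelta(days=limit):
            breaches.append({"id": f["id"], "repository": f["repository"],
                             "severity": f["severity"],
                             "days_open": age.days, "sla_days": limit})
    return breaches


def evaluate_sample(now_iso="2024-06-01T00:00:00Z"):
    """Run the evaluator over the constructed sample at a fixed point in time."""
    return sla_breaches(SAMPLE_FINDINGS, parse_ts(now_iso))


if __name__ == "__main__":
    for b in evaluate_sample():
        print(f"{b['repository']} finding {b['id']} ({b['severity']}) "
              f"open {b['days_open']}d, SLA {b['sla_days']}d")
```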
Before you begin
Ensure you have “Admin” access on the Semgrep account you wish to integrate on Sprinto.
Log in to the Sprinto's admin portal.
Integrate Sprinto with Semgrep
Follow the steps below to integrate Semgrep on Sprinto:
Get the API token from Semgrep.
Log in to the Semgrep account using your credentials or the available Single Sign-On (SSO) options.
Choose your desired organization from the dropdown menu at the top.
Go to Settings, scroll down, and copy the organization slug.
On the Settings page, select the Tokens tab.
Click Create New Token to generate a new API token.
Copy and save the generated token securely. You will need it on Sprinto to build the integration.
Integrate Semgrep on Sprinto.
Go to Security Hub > Settings > Integrations > Available, and click Connect next to Semgrep.
Read the on-screen instructions, and click Next.
Enter Organization Slug and API Token copied from Step 1, and click Connect.
Add Semgrep as a vulnerability scanner on Sprinto.
Go to Security Hub > Vulnerabilities > Overview, and click + Add monitoring source.
On the Add vulnerability monitoring source page, click Choose next to Semgrep.
If required, click Manage to modify your selected projects, and then click Add Semgrep.
Note: By default, Sprinto selects all projects/groups from your integrated Semgrep account for tracking.

Final step
After completing Step 3, allow 15 to 20 minutes for Sprinto to finish the data syncing process. Sprinto may take a few hours to evaluate the synced data and activate relevant Sprinto checks.
If needed, go to Security Hub > Vulnerability and select Semgrep to review the pending vulnerabilities.
Contact Sprinto support if you have any queries related to the integration or need any assistance.