You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/running-rules.md
+14-8Lines changed: 14 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,13 +22,13 @@ Rules can be organized in **rulesets**. Rulesets are rules related through a pro
22
22
23
23
The list below covers different kinds of Semgrep rules:
24
24
25
-
- Existing [Semgrep Registry rules](#running-semgrep-registry-rules-locally). You can also contribute to the open source Semgrep Registry, see [Contributing rules](/contributing/contributing-to-semgrep-rules-repository).
26
-
-[Local rules](#creating-and-using-local-rules):
25
+
- Existing [Semgrep Registry rules](#run-semgrep-registry-rules-locally). You can also contribute to the open source Semgrep Registry, see [Contributing rules](/contributing/contributing-to-semgrep-rules-repository).
26
+
-[Local rules](#create-and-use-local-rules):
27
27
- One-off [ephemeral rules](#ephemeral-rules) passed into the command line.
28
28
-[YAML-defined rules](#yaml-defined-rules).
29
-
- A combination of [local rules and Semgrep Registry rules](#running-multiple-rules-simultaneously) or a combination of multiple rules in general.
29
+
- A combination of [local rules and Semgrep Registry rules](#run-multiple-rules-simultaneously) or a combination of multiple rules in general.
30
30
31
-
## Running Semgrep Registry rules locally
31
+
## Run Semgrep Registry rules locally
32
32
33
33
You can run a SAST scan in your Git environment with pre-selected Semgrep Registry rules:
34
34
@@ -55,15 +55,21 @@ To use Semgrep Registry continuously in your CI/CD pipeline, see the [Semgrep in
55
55
56
56
-->
57
57
58
-
## Creating and using local rules
58
+
## Create and use local rules
59
59
60
60
Local rules can be either:
61
61
62
62
-[Ephemeral rules](#ephemeral-rules) with the `-e` or `--pattern` flags for use in a single command.
63
63
- Configured in [YAML rule files](#yaml-defined-rules) that conform to the [Rule syntax](/writing-rules/rule-syntax) schema.
64
64
65
-
:::tip
66
-
See [Writing rules > Getting started](/writing-rules/overview/) to learn how to write rules.
65
+
To learn how to write rules, see [Writing rules > Getting started](/writing-rules/overview/).
66
+
67
+
:::info Rule IDs of local rules
68
+
Semgrep prefixes the rule IDs of local rules with a custom value it generates using the following steps:
69
+
70
+
1. Get the relative path from the current working directory of the process to the directory of the rules file.
71
+
2. Replace the directory separators of the relative path with dots.
72
+
3. Remove any characters not allowed in a rule ID from the relative path.
67
73
:::
68
74
69
75
### Ephemeral rules
@@ -101,7 +107,7 @@ Rules stored under a hidden directory, such as `dir/.hidden/myrule.yml`, are pro
101
107
102
108
For more information on defining custom rules, see [Writing rules](/writing-rules/overview/).
103
109
104
-
## Running multiple rules simultaneously
110
+
## Run multiple rules simultaneously
105
111
106
112
To run multiple rules simultaneously, use `--config` before every YAML URL, or Semgrep registry entry name. This option lets you include your local rules as well as Semgrep Registry rules. See the following code example (substitute the colored values as necessary):
0 commit comments