
Commit b3a81b7

committed
update more docs
1 parent 11a6cd9 commit b3a81b7


5 files changed (+55 / -40 lines changed)


docs/semgrep-appsec-platform/azure-pr-comments.md

Lines changed: 1 addition & 1 deletion
@@ -65,7 +65,7 @@ To update your connection between Semgrep and Azure DevOps:
6565
3. Return to Semgrep and [<i class="fas fa-external-link fa-xs"></i> sign in](https://semgrep.dev/login).
6666
4. Go to **<i class="fa-solid fa-gear"></i> Settings > Source code managers**, and find your Azure DevOps connection.
6767
5. Click **Update access token**.
68-
6. In the **Update access token** that appears, provide the token granting full access that you created. Click **Update** to save and proceed.
68+
6. In the **Update access token** dialog that appears, provide the token you created. Click **Update** to save and proceed.
6969
7. Toggle the **Incoming webhooks** setting on.
7070

7171
Once you've successfully turned on the triage by PR comment feature, you can change the token you provide to Semgrep to one that's more restrictive. The token scopes required for the more restrictive token are:
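Review bot: dropping "granting full access" from step 6 leaves the reader unsure which token the step wants, because the unchanged paragraph right after it still contrasts this token with "one that's more restrictive" and then lists the reduced scopes. Suggest keeping the level in the step, e.g. "provide the token with full access that you created earlier", or stating explicitly that the reduced scopes apply only after the webhooks have been created.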

docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments.md

Lines changed: 16 additions & 11 deletions
@@ -114,17 +114,22 @@ Confirm that you have the correct connection and access:
114114

115115
#### Triage through PR comments
116116

117-
If you want developers to able to triage findings via their MR comments, without leaving Bitbucket, you must have provided a Bitbucket workspace access token to Semgrep. Triage through PR comments is not supported with repository access tokens.
118-
119-
The workspace access tokens must be created by a user with the Product Admin role. The scopes you must assign to the token include:
120-
121-
* webhook (read and write)
122-
* repository (read and write)
123-
* pullrequest (read and write)
124-
* project (admin)
125-
* account (read)
126-
127-
Once you have triage through PR comments fully configured, you can update the token's role and scopes to be more restrictive (how restrictive?).
117+
Developers can triage Semgrep findings without leaving Bitbucket by responding to the PR comments authored by Semgrep. To turn this feature on, you must update your Semgrep organization's connection to Bitbucket to use a workspace access token or an HTTP access token. This allows you to enable webhooks, which Semgrep requires for the triage through PR comment feature.
118+
119+
To update your connection between Semgrep and Bitbucket:
120+
121+
1. Log in to Bitbucket using an account assigned with the **Product Admin** role.
122+
2. [Create a workspace access token](https://support.atlassian.com/bitbucket-cloud/docs/workspace-access-tokens/). Ensure that you assign the following scopes to the token:
123+
- `webhook (read and write)`
124+
- `repository (read and write)`
125+
- `pullrequest (read and write)`
126+
- `project (admin)`
127+
- `account (read)`
128+
3. Return to Semgrep and [<i class="fas fa-external-link fa-xs"></i> sign in](https://semgrep.dev/login).
129+
4. Go to **<i class="fa-solid fa-gear"></i> Settings > Source code managers**, and find your Bitbucket connection.
130+
5. Click **Update access token**.
131+
6. In the **Update access token** dialog that appears, provide the new token you created. Click **Update** to save and proceed.
132+
7. Toggle the **Incoming webhooks** setting on.
128133

129134
### Define the `BITBUCKET_TOKEN` environment variable
130135

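Review bot: the new intro says the connection can use "a workspace access token or an HTTP access token", but the procedure on this Bitbucket Cloud page only creates a workspace access token (step 2); HTTP access tokens belong to the Bitbucket Data Center page changed in this same commit, so the sentence reads as copied from there and should drop the HTTP option. The rewrite also silently removes "Triage through PR comments is not supported with repository access tokens"; that restriction is worth keeping, for example as a note under step 2, so readers with an existing repository access token know they must replace it rather than add scopes to it.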
docs/semgrep-appsec-platform/bitbucket-data-center-pr-comments.md

Lines changed: 12 additions & 8 deletions
@@ -59,14 +59,18 @@ Confirm that you have the correct connection and access:
5959

6060
#### Triage through PR comments
6161

62-
If you want developers to able to triage findings via their MR comments, without leaving Bitbucket, you must have:
63-
64-
- Bitbucket Data Center v8.8 or above
65-
- A Bitbucket HTTP access token in the Source code manager (SCM) connection to Semgrep, created by a user with the Project Admin role.
66-
67-
This access token must be created with PROJECT_ADMIN permissions. Project-level webhooks are required to support triage though PR comments.
68-
69-
After providing a token with the appropriate role and permissions, enable the **Incoming webhooks** toggle on the SCM connection for the Bitbucket project.
62+
Developers can triage Semgrep findings without leaving Bitbucket by responding to the PR comments authored by Semgrep. To turn this feature on, you must update your Semgrep organization's connection to Bitbucket to use a workspace access token or an HTTP access token. This allows you to enable webhooks, which Semgrep requires for the triage through PR comment feature.
63+
64+
To update your connection between Semgrep and Bitbucket:
65+
66+
1. Ensure that you're using Bitbucket Data Center version 8.8 or later.
67+
2. Log in to Bitbucket using an account assigned with the **Project Admin** role.
68+
3. [Create an HTTP access token](https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html). When setting the token's **Project permissions**, ensure that you select **Project admin**.
69+
4. Return to Semgrep and [<i class="fas fa-external-link fa-xs"></i> sign in](https://semgrep.dev/login).
70+
5. Go to **<i class="fa-solid fa-gear"></i> Settings > Source code managers**, and find your Bitbucket connection.
71+
6. Click **Update access token**.
72+
7. In the **Update access token** dialog that appears, provide the new token you created. Click **Update** to save and proceed.
73+
8. Toggle the **Incoming webhooks** setting on.
7074

7175
### Configure comments for Semgrep Code
7276

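Review bot: the same mismatch in the other direction: the intro offers "a workspace access token or an HTTP access token", but Data Center step 3 creates an HTTP access token only, and workspace access tokens are a Bitbucket Cloud construct. Suggest trimming the sentence to the HTTP access token. The removed text also explained why the elevated role is needed ("Project-level webhooks are required to support triage through PR comments"); carrying that one sentence into step 3 tells admins why **Project admin** is required rather than a narrower project permission.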
docs/semgrep-appsec-platform/gitlab-mr-comments.md

Lines changed: 19 additions & 15 deletions
@@ -59,21 +59,25 @@ PR comments are enabled by default for users who have connected their GitLab gro
5959

6060
#### Triage though MR comment
6161

62-
If you want developers to able to triage findings via their MR comments, without leaving GitLab, you must also have one of the following plans:
63-
64-
- GitLab Premium
65-
- GitLab Ultimate
66-
- GitLab Self Managed
67-
68-
The token used in the Source code manager (SCM) connection to the GitLab group must have one of the following roles:
69-
70-
- `Maintainer`
71-
- `Owner`
72-
- `Admin`
73-
74-
This is because GitLab repositories require the enablement of webhooks allow Semgrep to be notified of new review comments. After providing a token with the appropriate role, enable the **Incoming webhooks** toggle on the SCM connection.
75-
76-
Once the toggle is enabled and webhooks have been created, you can downgrade the role assigned to the token to `Developer`.
62+
Developers can triage Semgrep findings without leaving GitLab by responding to the MR comments authored by Semgrep. To turn this feature on, you must update your Semgrep organization's connection to GitLab to use an access token with an elevated role. This allows you to enable webhooks, which Semgrep requires for the triage through MR comment feature.
63+
64+
To update your connection between Semgrep and GitLab:
65+
66+
1. Ensure that you're using one of the following GitLab plans:
67+
- GitLab Premium
68+
- GitLab Ultimate
69+
- GitLab Self Managed
70+
2. Log in to GitLab, and create an access token with one of the following roles assigned:
71+
- `Maintainer`
72+
- `Owner`
73+
- `Admin`
74+
3. Return to Semgrep and [<i class="fas fa-external-link fa-xs"></i> sign in](https://semgrep.dev/login).
75+
4. Go to **<i class="fa-solid fa-gear"></i> Settings > Source code managers**, and find your GitLab connection.
76+
5. Click **Update access token**.
77+
6. In the **Update access token** dialog that appears, provide the new token you created. Click **Update** to save and proceed.
78+
7. Toggle the **Incoming webhooks** setting on.
79+
80+
Once you've successfully turned on the triage by PR comment feature, you can change the token you provide to Semgrep to one that's more restrictive. You can downgrade the role assigned to the token to `Developer`.
7781

7882
### Configure comments for Semgrep Code
7983

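Review bot: the closing sentence of the new block calls this the "triage by PR comment feature" while the sentence added at the top of the block and the rest of the page say MR; use "MR" consistently for GitLab. The unchanged heading `#### Triage though MR comment` is also misspelled ("though"), and that is more than a style point here: triage-remediation.md in this same commit links to `#triage-through-mr-comment`, so fixing the heading keeps that anchor valid.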
docs/semgrep-code/triage-remediation.md

Lines changed: 7 additions & 5 deletions
@@ -185,21 +185,23 @@ You can triage your Semgrep AppSec Platform findings displayed as comments in PR
185185
Before proceeding, ensure that you have:
186186
- One or more repositories hosted by a [Semgrep-supported source code manager (SCM)](/getting-started/scm-support).
187187
- Configured [PR or MR comments](/category/pr-or-mr-comments) for your SCM.
188-
- For SCMs other than GitHub: granted Semgrep permission to interact with pull requests and create webhooks for your SCM, and enabled the **Incoming webhooks** option on the SCM connection.
188+
- *For SCMs other than GitHub:*
189+
- Granted Semgrep permission to interact with pull requests and create webhooks for your SCM
190+
- Enabled the **Incoming webhooks** option on the SCM connection
189191

190-
### Granting permissions
192+
### Grant permission to interact with pull requests and create webhooks for your SCM
191193

192-
Use the steps included under **Triage through PR/MR comment** in the PR/MR comment guides if you need assistance granting the correct permissions to enable pull request interaction and webhook management.
194+
See the following documents for instructions on granting the correct permissions to enable pull request interaction and webhook management:
193195

194196
- [GitLab](/docs/semgrep-appsec-platform/gitlab-mr-comments#triage-through-mr-comment)
195197
- [Bitbucket Cloud](/docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments#triage-through-pr-comment)
196198
- [Bitbucket Data Center](/docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments#triage-through-pr-comment)
197199
- [Azure DevOps](/docs/semgrep-appsec-platform/azure-pr-comments#triage-through-pr-comment)
198200

199-
To triage a finding:
201+
Once you've turned on this feature, you can triage a finding using the following steps:
200202

201203
1. Find an open comment created by Semgrep in your pull request or merge request.
202-
2. In a subsequent comment, reply with the action you want to take. You must provide a reason to help the reader understand why the finding has been triaged as ignored:
204+
2. Reply to the comment with the action you want to take. You must provide a reason to help the reader understand why the finding has been triaged as ignored:
203205
<TriageReason />
204206
Semgrep attempts to reply to your comment if it successfully triages the finding.
205207

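Review bot: the Bitbucket Data Center link still points at `/docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments#triage-through-pr-comment`, the Bitbucket Cloud page; it should target the bitbucket-data-center-pr-comments page changed in this same commit. The anchors also look off: both Bitbucket pages use the heading "Triage through PR comments" (plural) and the GitLab heading reads "Triage though MR comment", so `#triage-through-pr-comment` and `#triage-through-mr-comment` would not resolve as written. Worth checking each link against the generated heading ids before merging.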