CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
        • Argo
        • Docker-compose
        • Github-actions
        • Gitlab
        • Kubernetes
        • Openapi
        • Semgrep
        • Semgrep
    Yaml

    Semgrep

    slow-pattern-top-ellipsis

    Using the ellipsis operator ... at the top of the pattern drastically slows down the rule performance.

    multi-line-message

    This rule has a multi-line message field, which may display poorly in a terminal. Consider ensuring it is on one line. For example, use message: >-, not message: |.

    metadata-owasp

    The owasp tag in Semgrep rule metadata should start with the format “A00:YYYY”, where A00 is the OWASP top ten number and YYYY is the OWASP top ten year.

    metadata-references

    The references in rule metadata should always be a list, even if there’s only one.

    metadata-category

    This Semgrep rule is missing a valid ‘category’ field in the ‘metadata’. ‘category’ must be one of ‘security’, ‘correctness’, ‘best-practice’, ‘performance’, ‘maintainability’, or ‘portability’.

    metadata-confidence-incorrect-value

    Semgrep rule confidence: $VALUE detected, but the value must be LOW, MEDIUM, or HIGH. For more information visit: https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    duplicate-pattern

    Two identical pattern clauses were detected. This will cause Semgrep to run the same pattern twice. Remove one of the duplicate pattern clauses.

    duplicate-id

    The ‘id’ field $X was used multiple times. The ‘id’ field needs to be unique.

    metadata-likelihood-incorrect-value

    Semgrep rule likelihood: $VALUE detected, but the value must be LOW, MEDIUM, or HIGH. For more information visit: https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    yaml-key-indentation-check

    It looks like you have an YAML indentation issue — instead of writing $KEY, put a space between the hyphen and what comes after! Otherwise, it reads as a single string.

    metadata-technology

    This Semgrep rule is missing a ‘technology’ field in the ‘metadata’. Consider adding a list of technologies based on the rule’s associated library or framework, or another piece of relevant information.

    metadata-subcategory

    This Semgrep rule is missing a valid ‘subcategory’ field in the ‘metadata’. which should be either audit, vuln, or guardrail. For more information visit https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    metadata-cwe

    $…CWE The cwe tag in rule metadata should always be in the format “CWE-000: Title”.

    metadata-subcategory-incorrect-value

    Semgrep rule likelihood: $VALUE detected, but the value must be vuln, audit, or guardrail. For more information visit: https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    metadata-impact-incorrect-value

    Semgrep rule impact: $VALUE detected, but the value must be LOW, MEDIUM, or HIGH. For more information visit: https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    metadata-likelihood

    This Semgrep rule is missing a valid ‘likelihood’ field in the ‘metadata’. which should be either LOW, MEDIUM, or HIGH. For more information visit https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    interfile-true-under-metadata-and-no-options

    interfile: true should be under the options field, not the metadata field.

    slow-pattern-general-func

    Using patterns like function (...) {...} is too general it will probably slow down the rule performance.

    missing-language-field

    Please include a ‘languages’ field for your rule $RULEID!

    unnecessary-parent-operator

    Unnecessary parent operator. Remove one to fix.

    message-whitespace-check

    It looks like you have an additional space in your rule message, this can look awkward in the finding output, please remove the additional whitespace!

    metadata-impact

    This Semgrep rule is missing a valid ‘impact’ field in the ‘metadata’. which should be either LOW, MEDIUM, or HIGH. For more information visit https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    missing-message-field

    This rule does not have a message. Semgrep requires that rules have a message. Include a message to explain what the rule does. Consider writing a message that explains why this is an issue and how to fix it.

    metadata-confidence

    This Semgrep rule is missing a valid ‘confidence’ field in the ‘metadata’. which should be either LOW, MEDIUM, or HIGH. For more information visit https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/

    metadata-incorrect-option

    It looks like $KEY is not in the default list of expected options, if this is a new key update this rule

    empty-message

    This rule has an empty message field. Consider adding a message field that communicates why this rule is an issue and how to fix it. This will increase the chance that the finding gets addressed.

    slow-pattern-single-metavariable

    Using a single metavariable as a pattern drastically slows down the rule performance because it will match every expression in a file. Instead, try to match something specific such as a function name, or anchor on a statement that may occur above or below the pattern. The more specific you can be, the faster the pattern will run.

    missing-deconstructed-value

    Looks like this value is deconstructing a const/var/let you need to use all three const {...} = var {...} = and let {...} = to provide accurate coverage consider adding the missing patterns in a pattern-inside for better coverage.

    unsatisfiable-rule

    You can not use ‘pattern’ Aand′pattern−not′A and 'pattern-not' Aand′pattern−not′A together; this will always be empty.

    interfile-true-under-metadata-and-options-already-present

    interfile: true should be under the options field, not the metadata field.

    slow-pattern-general-property

    Using patterns like $X.$Y may be too general and may slow down the rule performance.

    metadata-deepsemgrep

    We no longer support deepsemgrep: true, please use interfile:true
    SecurityConsistency
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.