Using Semgrep and Jenkins for Static Code Analysis

Published: 04 November 2021
on channel: CloudBeesTV

4,259

Need help with your Jenkins questions?
Visit https://community.jenkins.io/c/using-...

Timecodes ⏱:

00:00 Introduction
00:08 Overview
00:31 Starting point
00:48 Review Semgrep website
00:58 Review Semgrep CLI and exit codes
01:46 Review Semgrep CI (aka Semgrep Action or semgrep-agent)
02:41 How to run Semgrep CI with Docker
03:22 Review available rules
04:19 Review WebGoat repository
05:09 Run and review job
08:32 Add more rules to the job
09:44 Why should you run a static analysis tool like Semgrep on your code?

#jenkinstutorial #semgrep

Information referenced in this video:

Sample repository (specifically the "jenkinsfile" branch):
https://github.com/darinpope/WebGoat/...

Jenkins LTS 2.303.2
https://www.jenkins.io/changelog-stab...

CloudBees on Twitter:
/ cloudbees

Darin on Twitter:
/ darinpope

Watch video Using Semgrep and Jenkins for Static Code Analysis online without registration, duration hours minute second in high quality. This video was added by user CloudBeesTV 04 November 2021, don't forget to share it with your friends and acquaintances, it has been viewed on our site 4,259 once and liked it 72 people.