Using Semgrep and Jenkins for Static Code Analysis

Published: 10 October 2024
Channel: CloudBeesTV

Need help with your Jenkins questions?
Visit https://community.jenkins.io/c/using-...

Timecodes ⏱:

00:00 Introduction
00:08 Overview
00:31 Starting point
00:48 Review Semgrep website
00:58 Review Semgrep CLI and exit codes
01:46 Review Semgrep CI (aka Semgrep Action or semgrep-agent)
02:41 How to run Semgrep CI with Docker
03:22 Review available rules
04:19 Review WebGoat repository
05:09 Run and review job
08:32 Add more rules to the job
09:44 Why should you run a static analysis tool like Semgrep on your code?

#jenkinstutorial #semgrep

Information referenced in this video:

Sample repository (specifically the "jenkinsfile" branch):
https://github.com/darinpope/WebGoat/...

Jenkins LTS 2.303.2
https://www.jenkins.io/changelog-stab...

CloudBees on Twitter:
  / cloudbees  

Darin on Twitter:
  / darinpope