
How do I save or export reports/findings/results from Semgrep?


When I run a scan, the findings are printed out on the CLI. How can I see or store these results? I can use piping (|) or output redirection (>) - but is there a semgrep-y or formatted way of saving these findings?


Solution

  • After trying out some of the options in this CLI reference, I've been running the following command:

    semgrep --config auto --output scan_results.json --json

    (Substitute the config option for whichever Semgrep config/rulesets you use.)

    This results in a JSON file with the following top-level attributes:

    • errors
    • paths
    • results
    • version

    Semgrep JSON formatting

    Among the other formats supported, there's also support for SARIF output, which is used to streamline the interchange of results across different SAST tools. Similar to JSON, the structure is as follows:

    semgrep --config auto --output scan_results.sarif --sarif

    Credit to Parsia on the Semgrep community slack for the SARIF tip.
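Once the findings are in a file, the next step is usually to consume them from a script or a CI job rather than reading the raw JSON. The following is an added example (not part of the answer above and not Semgrep's own code) that loads a report shaped like the one produced by `semgrep --config auto --output scan_results.json --json`, checks for the four top-level keys the answer lists, counts findings by severity, and returns a CI-style exit code when findings at or above a chosen severity are present. The per-result fields it reads (`check_id`, `path`, `start.line`, `extra.severity`, `extra.message`) are assumptions about Semgrep's result layout, and the embedded sample report is constructed for the example.

```python
import json
from collections import Counter

# Constructed sample of a Semgrep JSON report, shaped like the file written by
# `semgrep --config auto --output scan_results.json --json`. The top-level keys
# (errors, paths, results, version) are the ones listed in the answer; the
# per-result fields and every value here are assumptions made for this example.
SAMPLE_REPORT = json.dumps({
    "version": "1.0.0",
    "errors": [],
    "paths": {"scanned": ["app/db.py", "app/views.py"]},
    "results": [
        {"check_id": "python.lang.security.audit.sqli", "path": "app/db.py",
         "start": {"line": 42},
         "extra": {"severity": "ERROR", "message": "SQL built by string formatting"}},
        {"check_id": "python.lang.security.audit.hardcoded-tmp", "path": "app/views.py",
         "start": {"line": 7},
         "extra": {"severity": "WARNING", "message": "Hardcoded /tmp path"}},
        {"check_id": "python.lang.best-practice.unused-import", "path": "app/views.py",
         "start": {"line": 1},
         "extra": {"severity": "INFO", "message": "Unused import"}},
    ],
})

# Ordering used to compare severities; unknown severities rank lowest.
SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}


def load_report(text):
    """Parse report text and verify it has the top-level keys Semgrep emits."""
    report = json.loads(text)
    missing = {"errors", "paths", "results", "version"} - set(report.keys())
    if missing:
        raise ValueError(f"not a Semgrep JSON report, missing keys: {sorted(missing)}")
    return report


def summarize(report):
    """Count findings per severity, e.g. {'ERROR': 1, 'WARNING': 1, 'INFO': 1}."""
    return dict(Counter(r["extra"]["severity"] for r in report["results"]))


def findings_at_or_above(report, threshold):
    """Render one line per finding whose severity is at least `threshold`."""
    min_rank = SEVERITY_RANK[threshold]
    return [
        f'{r["path"]}:{r["start"]["line"]} [{r["extra"]["severity"]}] '
        f'{r["check_id"]}: {r["extra"]["message"]}'
        for r in report["results"]
        if SEVERITY_RANK.get(r["extra"]["severity"], 0) >= min_rank
    ]


def gate(report, threshold="ERROR"):
    """Exit code for a CI step: 1 when blocking findings exist, else 0."""
    return 1 if findings_at_or_above(report, threshold) else 0


if __name__ == "__main__":
    import sys
    # Pass the path of a saved scan_results.json; without one, the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rep = load_report(text)
    print("semgrep", rep["version"], "- scan errors:", len(rep["errors"]))
    print("findings by severity:", summarize(rep))
    for line in findings_at_or_above(rep, "WARNING"):
        print(line)
    sys.exit(gate(rep))
```

Running it as `python summarize_semgrep.py scan_results.json` prints the severity counts and the WARNING-or-higher findings, and exits non-zero only when an ERROR-level finding is present, which is the usual way to let a saved report block a pipeline without failing on every INFO hit.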