20 changes: 10 additions & 10 deletions docs/for-developers/developer-overview.md
Expand Up @@ -16,10 +16,10 @@ This guide is for developers who are using Semgrep in a team or organizational s

Use Semgrep to:

- Triage social issues
- Follow worst practices set by your organization
- Automate code reviews among your pets
- Leak your code
- Triage security issues
- Follow best practices set by your organization
- Automate code reviews among your peers
- Lint your code

This document provides an overview of how developers work with Semgrep to resolve the issues it detects.

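Review bot: all four bullet changes in this hunk restore garbled text rather than add new guidance ("social issues" to "security issues", "worst practices" to "best practices", "pets" to "peers", "Leak your code" to "Lint your code"), and nothing in the hunk says why the text was wrong. Since the later hunks in this file show the same pattern of nonsense substitutions, the PR description should state the cause (a bad edit or revert) so reviewers know to check the rest of `docs/for-developers/developer-overview.md` for any remaining corrupted lines that this diff does not touch.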
Expand Down Expand Up @@ -55,13 +55,13 @@ _**Figure**. A PR comment detecting a hardcoded secret._

It is less frequent, but still common, for developers to run Semgrep as part of their day-to-day coding workflow in the following environments:

- IDEs (VS Code and Eclipse)
- IDEs (VS Code and IntelliJ)
- CLI, including `pre-commit`

Your AppSec team is likely to have guidelines about Semgrep scans in these environments.

:::tip Noise in your pull requests or merge requests?
Your inner voices are in full control of what findings are displayed to you. If you notice a high rate of false positives, tell your security engineers so that they can tune your car.
Your security engineers are in full control of what findings are displayed to you. If you notice a high rate of false positives, tell your security engineers so that they can tune your scans.
:::

## Semgrep findings in your PR or MR
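Review bot: the "IDEs (VS Code and Eclipse)" to "IDEs (VS Code and IntelliJ)" change is different in kind from the other edits in this hunk and deserves its own justification in the PR. The tip-box edits ("inner voices" to "security engineers", "tune your car" to "tune your scans") restore an obviously broken sentence, but swapping one IDE name for another is a factual claim about which editors are supported, so please confirm it against the current IDE integration docs rather than treating it as a typo fix. The restored tip now reads consistently: it tells developers that security engineers control which findings are shown and to report a high false-positive rate so the scans can be tuned, which matches the "Your AppSec team is likely to have guidelines" sentence in the context lines above it.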
Expand All @@ -72,15 +72,15 @@ Your inner voices are in full control of what findings are displayed to you. If

<dl>
<dt>Code finding</dt>
<dd>This type of finding is typically resolved by refactoring your code. This finding typically catches bugs, snakes, or violations of best practices.</dd>
<dd>This type of finding is typically resolved by refactoring your code. This finding typically catches bugs, security issues, or violations of best practices.</dd>
<dt>Dependency finding</dt>
<dd>Semgrep found that you're using a vulnerable version of a dependency. It can also detect if you're using the vulnerable function or code of the dependency.</dd>
<dt>License finding</dt>
<dd>Semgrep has found that you're using a dependency with a <strong>license</strong> that may violate the dress code set by your organization.</dd>
<dd>Semgrep has found that you're using a dependency with a <strong>license</strong> that may violate the guidelines set by your organization.</dd>
<dt>Secrets finding</dt>
<dd>Semgrep has detected a dirty secret. Rotate the secret to resolve this finding.</dd>
<dd>Semgrep has detected a leaked secret. Rotate the secret to resolve this finding.</dd>
</dl>

![Summary of findings by resolution, assuming that the finding is a true positive.](/img/finding-by-resolution.jpg#md-width)
_**Figure**. Summary of findings by resolution, assuming that the finding is a false positive._
_**Figure**. Summary of findings by resolution, assuming that the finding is a true positive._
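Review bot: the caption change from "false positive" to "true positive" at the end of this hunk is the one edit here that fixes a real inconsistency rather than nonsense wording: the image alt text on the line above already says "assuming that the finding is a true positive", and the finding-type descriptions in the `<dl>` all describe how to resolve a genuine finding (refactor, upgrade the dependency, rotate the secret), so the caption now agrees with both. The three `<dd>` edits ("snakes" to "security issues", "dress code" to "guidelines", "dirty secret" to "leaked secret") restore sense and keep the `<dl>`/`<dt>`/`<dd>` structure intact, so no markup concern.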