Semgrep

// Run the scan, writing the findings as JSON; the script below then reads that file.


# Scan the current directory and write the findings as JSON to
# semgrep-results.json (the file the extraction script below reads).
# `--config auto` fetches rule sets from the Semgrep Registry, so the run
# needs network access; pin explicit rule configs when reproducibility matters.
semgrep scan --config auto --json ./ -o semgrep-results.json




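import json
from itertools import islice

# Semgrep's JSON output (produced by the `semgrep scan ... -o` command above).
SEMGREP_RESULTS = "semgrep-results.json"
# Flattened findings, each carrying the matched source lines as evidence.
OUTPUT_PATH = "semgrep_extracted_with_evidence.json"


def read_evidence(path, start_line, end_line, *, encoding="utf-8"):
    """Return lines ``start_line``..``end_line`` (1-based, inclusive) of *path*.

    The lines are joined verbatim and right-stripped. Returns ``""`` when the
    path is missing or unreadable, or when the line numbers are absent or
    malformed, so a single bad finding never aborts the whole extraction.

    Args:
        path: File the finding refers to, as reported by Semgrep.
        start_line: First line of the match (Semgrep counts from 1).
        end_line: Last line of the match, inclusive.
        encoding: Encoding used to decode the source file; undecodable bytes
            are replaced rather than raising, since evidence is informational.
    """
    if not isinstance(path, str) or not path:
        return ""
    if not isinstance(start_line, int) or not isinstance(end_line, int):
        return ""
    if start_line < 1 or end_line < start_line:
        return ""
    try:
        # islice reads only up to end_line instead of the whole file;
        # start_line - 1 converts Semgrep's 1-based line to a 0-based index.
        with open(path, encoding=encoding, errors="replace") as src:
            return "".join(islice(src, start_line - 1, end_line)).rstrip()
    except OSError:
        return ""  # file missing, unreadable or a directory: no evidence


def extract_findings(data, read=read_evidence):
    """Flatten Semgrep's ``results`` array into evidence-bearing records.

    Each record holds the finding's path, start/end line, rule id, message,
    severity and the matched source text. Field lookups accept both the
    top-level keys and the ``extra`` sub-object Semgrep nests them under.

    NOTE(review): ``path`` is trusted as written by the local scan of ``./``.
    If the results file ever comes from elsewhere (e.g. an artifact uploaded
    by another job), those paths decide which local files get copied into the
    output, so confine them to the scan root before reading.

    Args:
        data: Parsed Semgrep JSON document.
        read: Callable ``(path, start_line, end_line) -> str`` used to fetch
            evidence; injectable for testing.

    Returns:
        A list of dicts, one per finding, in Semgrep's result order.
    """
    extracted = []
    for finding in data.get("results", []):
        path = finding.get("path")
        start_line = (finding.get("start") or {}).get("line")
        end_line = (finding.get("end") or {}).get("line")
        extra = finding.get("extra") or {}
        extracted.append({
            "path": path,
            "start_line": start_line,
            "end_line": end_line,
            "rule_id": finding.get("rule_id") or finding.get("check_id"),
            "message": finding.get("message") or extra.get("message"),
            "severity": finding.get("severity") or extra.get("severity"),
            "evidence": read(path, start_line, end_line),
        })
    return extracted


def main(results_path=SEMGREP_RESULTS, output_path=OUTPUT_PATH):
    """Read Semgrep's JSON from *results_path* and write the flattened
    findings with evidence to *output_path* (pretty-printed, indent=2)."""
    with open(results_path, encoding="utf-8") as results_file:
        data = json.load(results_file)
    extracted = extract_findings(data)
    with open(output_path, "w", encoding="utf-8") as out:
        json.dump(extracted, out, indent=2)


if __name__ == "__main__":
    main()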
