semgrep

Tags: official, scriptable, security

$ brew install semgrep
Summary

Static analysis, security scanning, and code rules from the terminal.

  • semgrep fits infra well, especially for static analysis, security scanning, and code rules from the terminal.
  • It is the official CLI from Semgrep.
  • Good for scripts, repeatable runs, and coding-agent workflows.
  • Structured output is available for automation and parsing.

Semgrep guide

The official CLI from Semgrep. Static analysis, security scanning, and code rules from the terminal. Supports structured output — good for scripts and agents.

Open CLI packages the install path, verify step, and safe-start workflow so this tool can move from “interesting CLI” to something you can actually use. It also integrates with skills.sh so each CLI comes with the right companion skills, not just a binary and a docs link.

When to apply

  • Static analysis, security scanning, and code rules from the terminal.
  • You want security scanning you can script with structured output.
  • You need static analysis.
  • You need security scanning.
  • You need code rules.

Quick reference

Install: `brew install semgrep`
Verify: `semgrep --version`
First real command: `semgrep scan --config auto`

Open CLI × skills.sh

Open CLI integrates semgrep with the right skills.sh companions so you get the tool and the workflow together.

Security Best Practices

Verified pairing

Open CLI integrates semgrep with this skills.sh skill because it is the clearest fit for how semgrep is usually used. Add safer defaults when a CLI touches secrets, auth, or sensitive systems.

View on skills.sh
$ npx skills add https://github.com/supercent-io/skills-template --skill security-best-practices
Starter prompt

Use semgrep together with the Security Best Practices skills.sh skill. Start with inspection or dry-run commands, summarize any risk, and ask before actions with side effects.

Watch-outs

  • Run the verify command first.

Example workflow

1. `semgrep scan --config auto`

Safe start

Step 1

Install semgrep.

Step 2

Run `semgrep --version` first.

Step 3

Start with `semgrep scan --config auto`.

Step 4

Install the infra CLI and verify kubeconfig, Docker context, or cloud credentials.
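
The structured output mentioned above is what makes the safe-start workflow scriptable. As an added example (not code from Open CLI or Semgrep), the script below consumes the JSON that `semgrep scan --config auto --json` writes to stdout, summarises findings by severity, and decides whether a pipeline step should fail. The embedded report is a constructed sample: its check ids, paths and messages are invented for illustration, not real scan results.

```python
import json
import sys
from collections import Counter

# Constructed stand-in for the stdout of `semgrep scan --config auto --json`;
# the check_ids, paths and messages below are invented for this example.
SAMPLE_OUTPUT = json.dumps({
    "results": [
        {"check_id": "example.shell-true", "path": "app/run.py", "start": {"line": 12, "col": 5},
         "extra": {"message": "subprocess call with shell=True", "severity": "ERROR"}},
        {"check_id": "example.open-never-closed", "path": "app/io.py", "start": {"line": 30, "col": 1},
         "extra": {"message": "file opened without a with block", "severity": "WARNING"}},
    ],
    "errors": [],
})


def parse_findings(text):
    """Flatten Semgrep's JSON report into plain dicts and return (findings, errors)."""
    report = json.loads(text)  # raises ValueError on non-JSON input, e.g. a crashed scan
    findings = [{
        "check_id": r["check_id"],
        "path": r["path"],
        "line": r["start"]["line"],
        "severity": r.get("extra", {}).get("severity", "INFO").upper(),
        "message": r.get("extra", {}).get("message", ""),
    } for r in report.get("results", [])]
    return findings, report.get("errors", [])


def count_by_severity(findings):
    return dict(Counter(f["severity"] for f in findings))


def should_fail(findings, errors, fail_on=("ERROR",)):
    """Fail the gate on any finding at a listed severity, or if Semgrep itself reported errors."""
    return bool(errors) or any(f["severity"] in fail_on for f in findings)


def format_finding(f):
    return f'{f["path"]}:{f["line"]} [{f["severity"]}] {f["check_id"]}: {f["message"]}'


if __name__ == "__main__":
    # Pipe a real report in (`semgrep scan --config auto --json | python3 gate.py`) or run the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    findings, errors = parse_findings(text)
    print("\n".join(format_finding(f) for f in findings))
    print("counts:", count_by_severity(findings), "semgrep errors:", len(errors))
    sys.exit(1 if should_fail(findings, errors) else 0)
```

Treating Semgrep's own `errors` array as a failure keeps a partially parsed or aborted scan from passing silently as "no findings".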

Alternatives worth considering