# OpenCLI Agent Pack: Semgrep

Use this when an AI agent needs to work with `semgrep`.

## What this CLI is for
The official CLI from Semgrep, for static analysis, security scanning, and code rules from the terminal. It supports structured output, which makes it suitable for scripts and agents.

Best for: static analysis, security scanning, and code rules from the terminal.

## Agent readiness
Great for agents (75/100)
- Structured output is available for parsing.
- Supports non-interactive/scripted use.
- Works well in CI or repeatable automation.

## Install
```sh
brew install semgrep
```

## Verify before real work
```sh
semgrep --version
```
Expected signal: semgrep responds locally and is ready for the first real command.

## Safe starting commands
```sh
semgrep --version
```

```sh
semgrep scan --config auto
```

## Guardrails for agents
- Run the verify command first.
- Summarize findings before taking actions with side effects.
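
One way to act on the "summarize findings" guardrail using the structured output, shown as an added example rather than OpenCLI's or Semgrep's own code. It assumes the report came from `semgrep scan --config auto --json`; the sample report, rule ids, file paths and severity ordering are constructed for illustration.

```python
import json
from collections import Counter

# Assumed ordering for sorting; covers both severity vocabularies Semgrep rules use.
RANK = {s: i for i, s in enumerate("CRITICAL HIGH ERROR MEDIUM WARNING LOW INFO".split())}

# Constructed sample shaped like `semgrep scan --json` output (not a real scan).
SAMPLE = json.dumps({
    "results": [
        {"check_id": "constructed.rules.eval-use", "path": "app/util.py", "start": {"line": 12},
         "extra": {"severity": "WARNING", "message": "eval() on  dynamic input"}},
        {"check_id": "constructed.rules.sql-string-concat", "path": "app/db.py", "start": {"line": 88},
         "extra": {"severity": "ERROR", "message": "SQL built by concatenation"}},
        {"check_id": "constructed.rules.sql-string-concat", "path": "app/db.py", "start": {"line": 40},
         "extra": {"severity": "ERROR", "message": "SQL built by concatenation"}},
    ],
    "errors": [{"level": "warn", "message": "constructed: could not parse app/legacy.py"}],
})

def summarize(raw):
    """Reduce a Semgrep JSON report to counts plus a severity-sorted finding list."""
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(report, dict) or not isinstance(report.get("results"), list):
        raise ValueError("no 'results' array; was the scan run with --json?")
    findings = []
    for r in report["results"]:
        extra = r.get("extra") or {}
        findings.append({
            "rule": r.get("check_id", "<unknown>"),
            "location": f"{r.get('path', '?')}:{(r.get('start') or {}).get('line', '?')}",
            "severity": str(extra.get("severity", "UNKNOWN")).upper(),
            "message": " ".join(str(extra.get("message", "")).split()),
        })
    findings.sort(key=lambda f: (RANK.get(f["severity"], len(RANK)), f["location"]))
    errors = [e.get("message", "") for e in report.get("errors") or []]
    return {
        "total": len(findings),
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        "by_rule": dict(Counter(f["rule"] for f in findings)),
        "scan_errors": errors,
        "complete": not errors,  # scan errors mean coverage may be incomplete
        "findings": findings,
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

An agent should treat `complete: False` as a reason to report the scan errors alongside the findings instead of describing the code as clean.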

## Suggested agent instruction
You may use Semgrep (`semgrep`) for static analysis, security scanning, and code rules from the terminal. First install it if missing, then run the verify command. Start with read-only or inspection commands. Summarize what you found before changing anything. Ask for confirmation before commands that mutate remote state, spend money, deploy, delete data, merge code, or expose secrets.

Source: OpenCLI
