
About Semgrep

Iru calls Semgrep’s Web API for findings, projects, and policies. Tokens must include the Web API scope; Agent/CI-only tokens return 404s on web endpoints. A Team or Enterprise tier is typically required for API access.

How It Works

Authorization: Bearer YOUR_API_TOKEN

Detail          Value
Category        Application security
Authentication  Bearer (Web API scope)

Official references: Tokens, Web API scope, API reference.

Prerequisites

  • Admin or Owner on the Semgrep org.

Connect Semgrep to Iru

Complete this tab before you connect the source in Compliance.

1. Sign in to Semgrep

Open the Semgrep AppSec Platform and sign in with an Admin or Owner account for the organization Iru should read.

2. Open Settings

Select Settings (gear or profile menu, depending on Semgrep UI).

3. Open Tokens

Navigate to Tokens, then API tokens (wording may read API Tokens or Personal access tokens).

4. Create a token

Select Create (or New token). Enter a name such as Iru Compliance.

5. Enable Web API scope

Enable the Web API scope (required for this connector). Remove any write scopes your security team does not want for evidence-only use.

6. Save and copy the secret

Save the token, then copy the secret once. Semgrep shows it only at creation.

Continue on the Iru Compliance tab.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Recreate the token with the Web API scope enabled.
Upgrade to a tier that includes API access.
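
A preflight check for the new token, added here as an example (it is not Iru's or Semgrep's own code): it sends one read-only request with the Bearer header shown above and maps the response status to the troubleshooting items. Assumptions: the probe uses Semgrep's list-deployments endpoint, IRU_SEMGREP_TOKEN is a hypothetical environment variable name, and the 401/403 handling follows standard HTTP semantics rather than anything stated on this page.

```python
import os
import sys
import urllib.error
import urllib.request

# Assumption: Semgrep's "list deployments" Web API endpoint serves as a read-only probe.
PROBE_URL = "https://semgrep.dev/api/v1/deployments"

ADVICE = {
    "ok": "Token is accepted by the Web API; paste it into Iru.",
    "missing_web_api_scope": "404 on a web endpoint: recreate the token with the Web API scope.",
    "rejected": "Token rejected: re-copy the secret or check that the tier includes API access.",
    "unexpected": "Unexpected status; retry later before changing the token.",
}

def build_request(token, url=PROBE_URL):
    """Build the GET request, refusing secrets mangled by copy/paste."""
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    return urllib.request.Request(
        url, method="GET",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )

def diagnose(status):
    """Map an HTTP status to a key in ADVICE."""
    if 200 <= status < 300:
        return "ok"
    if status == 404:  # behaviour this page describes for Agent/CI-only tokens
        return "missing_web_api_scope"
    if status in (401, 403):  # assumption: standard HTTP auth failures
        return "rejected"
    return "unexpected"

def probe(token, opener=urllib.request.urlopen):
    """Send one read-only request and return the diagnosis key."""
    request = build_request(token)
    try:
        with opener(request, timeout=10) as response:
            return diagnose(response.status)
    except urllib.error.HTTPError as err:
        return diagnose(err.code)

if __name__ == "__main__":
    # IRU_SEMGREP_TOKEN is a hypothetical variable name; the secret is never printed.
    result = probe(os.environ.get("IRU_SEMGREP_TOKEN", ""))
    print(ADVICE[result])
    sys.exit(0 if result == "ok" else 1)
```

Export the secret into the environment variable for the current shell session only, so it does not land in a script or in shell history.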
