where is semgrep architecture documentation

Question

where is semgrep architecture documentation

Closed this issue 3 months ago · 3 comments

Hello!
I am researching on the Semgrep functionality for the SAST.

And I could not find any information on how Semgrep is performing its scans. Does it build out the whole environment in the DB format and then performs quering on it or builds a tokenized tree?

What is the operational procedure for it?

Answer 1 · 2024-04-05T15:54:54.000Z

@aryx has probably written the best architecture overview, but I don't know where it is, I'll let him comment

Answer 2 · 2024-04-15T18:37:48.000Z

Semgrep-3.pdf

Answer 3 · 2024-04-15T18:39:10.000Z

There is no real documentation about the architecture of Semgrep unfortunately. I started to write one a long time ago in the attached PDF semgrep-3.pdf above, but it was never finished. Still the few first pages in chapter 2, especially section 2.6 can be useful, even if it's not really uptodate.