semgrep/semgrep

Incorrect help instructions displayed on command line

jgadsden opened this issue · 0 comments

jgadsden commented

Describe the bug
semgrep --help incorrectly states that semgrep with no subcommand is equivalent to semgrep scan

When running from the command with no subcommand semgrep will correctly print the text provided by the 'print_help' function.

To Reproduce
Steps to reproduce the behavior:

  1. run command semgrep --help from the command line and get:
semgrep-develop % semgrep --help
Usage: semgrep [OPTIONS] COMMAND [ARGS]...

To get started quickly, run `semgrep scan --config auto`

Run `semgrep SUBCOMMAND --help` for more information on each subcommand

If no subcommand is passed, will run `scan` subcommand by default

Options:
...
  1. run command semgrep with no subcommand:
semgrep-develop % semgrep

┌──── ○○○ ────┐
│ Semgrep CLI │
└─────────────┘
Semgrep CLI scans your code for bugs, security and dependency vulnerabilities.

For more information about Semgrep, visit https://semgrep.dev

Get Started:
  Run `semgrep login && semgrep ci` to enable Pro rules, Semgrep Supply Chain,
  and secrets scanning. Without logging in, Semgrep CLI will only run the free
  open-source rules available at https://semgrep.dev/r.
...

Expected behavior
semgrep --help should not report that the 'scan' subcommand will be run if no subcommand is provided

Screenshots
run command semgrep --help and get:
Screenshot 2024-04-05 at 09 31 13

run command semgrep with no subcommand:
Screenshot 2024-04-05 at 09 31 59

What is the priority of the bug to you?

  • P0: blocking your adoption of Semgrep or workflow
  • P1: important to fix or quite annoying
  • P2: regular bug that should get fixed

Environment
semgrep official release 1.67.0

Use case
Correct help instructions displayed on command line