Add Semgrep repository tag creation utility #129
Open: kyle-semgrep wants to merge 10 commits into main from add-tag-utility
This utility provides Python scripts to create and manage tags for Semgrep repositories using the Semgrep API.

Features:
- Create simple tags (like Python-3.7)
- Create key-value tags (like environment:production)
- List tags for repositories
- List all repositories in an organization
- Preserves system tags like managed-scan

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

Semgrep found 138
Semgrep found a match

- Replace print statements with appropriate logging calls (info, error)
- Keep CLI usage help text as print statements (appropriate for user-facing help)
- Configure logging with INFO level and clean format
- Addresses Semgrep scan findings for avoid_print_python_rule

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

Refactored operational print statements to use more appropriate logging calls. Semgrep is now passing.

- Replace hardcoded Semgrep API tokens with environment variable references
- All test/development files now use os.getenv("SEMGREP_APP_TOKEN")
- Addresses leaked secrets security finding

IMPORTANT: The previously hardcoded token should be revoked immediately.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

…st practices

• Fix Python package installation - now recommends virtual environments
• Remove duplicate files (keep only the working create_semgrep_tag.py)
• Remove unnecessary development/test files and zip file
• Update all documentation to reference correct script name
• Streamline utility to essential files only: README, script, requirements

Resolves reviewer feedback about:
- Global pip installation concerns
- File redundancy questions
- Unnecessary zip file

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

…ment

- Add TODO comment in code acknowledging @stuartcmehrens's feedback about API tokens being 1:1 with deployments
- Document that org_slug parameter could be auto-detected from API token
- Add placeholder function for future implementation of org slug auto-discovery
- Update README with planned improvement to simplify CLI interface
- Requires research into correct Semgrep API endpoint for deployment info

This addresses the feedback that org_slug shouldn't be required since it can be obtained from API calls.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

…edback

✨ Major improvement based on @stuartcmehrens's feedback:
• Auto-detect organization slug from API token using /api/v1/deployments endpoint
• Simplify CLI interface - no more org_slug parameter needed!
• Update all documentation to reflect new simplified usage

🔧 Changes:
• NEW CLI: python create_semgrep_tag.py <repo_name> <tag_name> [tag_value]
• OLD CLI: python create_semgrep_tag.py <org_slug> <repo_name> <tag_name> [tag_value]

✅ Since API tokens are 1:1 with deployments, users no longer need to:
• Know their exact org slug format (underscores vs dashes)
• Manually specify organization in every command
• Remember complex org naming conventions

🧪 Tested and working:
• Auto-detection: ✅ Successfully detects semgrep_kyle_sms
• Tag creation: ✅ Creates tags with new interface
• Listing: ✅ --list and --list-all work perfectly

This addresses the core feedback about not needing org_slug parameter.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>

Summary
• Added a new utility for creating and managing tags on Semgrep repositories via API
• Supports both simple tags (like Python-3.7) and key-value tags (like environment:production)
• Includes comprehensive documentation and examples

Features
• Simple Tags: Create tags like Python-3.7, managed-scan (no value needed)
• Key-Value Tags: Create tags like environment:production, language:JavaScript
• Tag Management: Updates existing tags or adds new ones
• Preserves System Tags: Keeps reserved tags like managed-scan
• Repository Discovery: List all repositories in an organization
• Tag Listing: View current tags for any repository

Files Added
• utilities/add_tag_to_project/create_semgrep_tag_final.py - Main working script
• utilities/add_tag_to_project/README.md - Comprehensive documentation
• utilities/add_tag_to_project/requirements.txt - Python dependencies
• Supporting development/test scripts for reference

Usage Examples
Test Plan
semgrep_kyle_sms/kyle-semgrep/js-app
Python-3.7
)environment:production
,language:JavaScript
)managed-scan
🤖 Generated with Claude Code
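
The tag-update behaviour listed under Features, combined with the SEMGREP_APP_TOKEN handling from the commit history, as an added example that is not code from this pull request. The function names, the contents of `SYSTEM_TAGS` and the rule that a key-value tag replaces an older value for the same key are assumptions made for illustration.

```python
import os

# Assumption: the page names only "managed-scan" as a reserved system tag.
SYSTEM_TAGS = frozenset({"managed-scan"})


def load_token(env=None):
    """Return the API token from SEMGREP_APP_TOKEN, never from source code."""
    env = os.environ if env is None else env
    token = env.get("SEMGREP_APP_TOKEN", "").strip()
    if not token:
        raise RuntimeError("SEMGREP_APP_TOKEN is not set; refusing to continue")
    return token


def merge_tags(existing, name, value=None):
    """Build the full tag list to write back for one repository.

    Simple tags ("Python-3.7") are added once. Key-value tags
    ("environment:production") replace an older value for the same key.
    Tags whose key is a system tag are always carried over unchanged.
    """
    name = name.strip()
    if not name or ":" in name:
        raise ValueError("tag name must be non-empty and contain no ':'")
    new_tag = name if value is None else f"{name}:{value.strip()}"

    merged = []
    for tag in existing:
        key = tag.split(":", 1)[0]
        is_system = key in SYSTEM_TAGS
        # Drop an older value for the same key, but never a system tag.
        if value is not None and key == name and ":" in tag and not is_system:
            continue
        if tag not in merged:
            merged.append(tag)
    if new_tag not in merged:
        merged.append(new_tag)
    return merged


# Constructed sample: tags already on a repository before the update.
CURRENT_TAGS = ["managed-scan", "environment:staging", "Python-3.7"]

if __name__ == "__main__":
    print(merge_tags(CURRENT_TAGS, "environment", "production"))
    print(merge_tags(CURRENT_TAGS, "Python-3.7"))
```

Because the update writes the whole tag list back, the merge starts from the repository's current tags rather than from an empty list, which is what keeps `managed-scan` in place.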