68 lines
2.6 KiB
Markdown
68 lines
2.6 KiB
Markdown
---
|
|
title: Integrate with Semgrep
|
|
sidebar_label: Semgrep
|
|
---
|
|
|
|
# Semgrep
|
|
|
|
<span class="badge badge--secondary">Support level: Community</span>
|
|
|
|
## What is Semgrep
|
|
|
|
> **Semgrep**: An application security solution that combines SAST, SCA, and secret detection.
|
|
>
|
|
> -- https://semgrep.dev
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
- `devcompany` is the organization name on Semgrep Cloud platform.
|
|
|
|
## authentik configuration
|
|
|
|
1. Log in to your authentik instance as an administrator.
|
|
2. Go to the admin interface.
|
|
3. Navigate to **Customization** -> **Property mappings**.
|
|
4. Create a new SAML property mapping with these parameters:
|
|
- **Name**: `semgrep-name`
|
|
- **SAML Attribute name**: `name`
|
|
- **Expression**: `return request.user.name`
|
|
5. Create another SAML property mapping with these parameters:
|
|
- **Name**: `semgrep-email`
|
|
- **SAML Attribute name**: `email`
|
|
- **Expression**: `return request.user.email`
|
|
6. Navigate to **System** -> **Certificates**.
|
|
7. Generate a new RSA certificate.
|
|
8. Download the generated certificate, as you will need it later.
|
|
9. Create a new SAML provider under **Applications** -> **Providers** using the following settings:
|
|
- **ACS URL**: `https://semgrep.dev/api/auth/saml/devcompany/`
|
|
- **Issuer**: `https://authentik.company`
|
|
- **Audience**: `semgrep-dev`
|
|
- **Service Provider Binding**: `Post`
|
|
- **Signing Keypair**: Choose the RSA certificate you generated earlier.
|
|
- **Property mappings**: `semgrep-name` and `semgrep-email`
|
|
10. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you just created.
|
|
|
|
## Semgrep configuration
|
|
|
|
1. Log in to Semgrep Cloud platform as an administrator.
|
|
2. Click **Settings** on bottom left corner.
|
|
3. Navigate to **Access** -> **Login methods**.
|
|
4. Locate Single sign-on entry, click **Add SSO configuration**, select **SAML2 SSO** from the drop down.
|
|
5. Fill in the following:
|
|
- **Display name**: Anything you like.
|
|
- **Email domain**: `company`
|
|
- **IdP SSO URL**: `https://authentik.company/application/saml/<semgrep slug>/sso/binding/post/`
|
|
- **IdP Issuer ID**: `https://authentik.company`
|
|
- **Upload/paste certificate**: Downloaded from the previous step.
|
|
|
|
## Verification
|
|
|
|
1. Open an Incognito window and navigate to `https://semgrep.dev/login`
|
|
2. Click **Use SSO** on the login screen.
|
|
3. Enter the email address associated with the domain you provided earlier.
|
|
4. Log in to authentik.
|
|
5. You will be redirected to the home screen of Semgrep Cloud platform.
|