
Scan with AI-powered detection (beta)

This page provides step-by-step instructions on enabling and running an AI-powered scan. For details on what AI-powered detection can uncover, known limitations, and beta considerations, see AI-powered detection overview.

Prerequisites

To run Semgrep Code's AI-powered detection, ensure that you meet the following requirements:

Enable or disable AI-powered detection

This feature is enabled by default for all Semgrep Multimodal users.

To enable or disable AI-powered detection in Semgrep AppSec Platform, go to Settings > Code and then toggle AI-powered scanning on or off.

Scan with AI-powered detection

  1. Log in to Semgrep AppSec Platform.
  2. In the navigation bar, click on Projects.

To scan the default or main branch:

  1. Choose the projects by selecting the checkboxes next to their names. This enables the Run a new scan drop-down menu.
  2. Click Run a new scan > AI-powered detection.
  3. A dialog appears that displays the number of projects that were selected for scanning. Click Scan to begin.
  • If you would like Semgrep to automatically perform an AI scan on these projects every week, select Enable weekly scans.

To scan a non-default branch:

  1. Click Details for your project of interest. On the project's Details page, click Run a new scan and choose AI-powered detection.
  2. In the dialog, enter the name of the branch you want to scan.

View findings

Findings generated by AI-powered detection scans are part of Semgrep Code and are listed on the Code page. You can use the filters icon to filter for AI-powered scan findings.

The findings card indicates whether a finding was detected by an AI-powered scan or a Rule-based scan.

Add additional context to AI-powered detection scans

By uploading project-specific context such as design documents, threat models, or instructional markdown, you can provide additional information for Semgrep to use during AI-powered scans. This enables Semgrep to show higher-impact findings and reduce false positives based on how your application is designed and used.

Only Admins can upload context documents to Semgrep Projects.

To upload a project-specific context document:

  1. Log in to Semgrep AppSec Platform.
  2. In the navigation bar, go to Rules & Policies > Memories.
  3. Go to the Documents tab and click Add document.
  4. Drag the document to the File upload box or click Choose a file to select and upload your context document.
    Optionally, add a Description of the document. This information will be used as additional context for AI-powered detection scans.

The finding Details page references the uploaded context document under the finding description.

For an in-depth understanding of how AI-powered detection works, see AI-powered detection: concepts, limitations, and FAQs.

