From 6802dcb642a58a194ae2a82eaae314a4dfeaf059 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 12:32:44 -0800 Subject: [PATCH 01/17] assistant findings autogenerated --- docs/semgrep-assistant/analyze.md | 36 ++++++++++++++++++++++++++---- docs/semgrep-assistant/overview.md | 7 +++++- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 1593247ac6..39acb23aff 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -27,14 +27,42 @@ The amount of time required to analyze your findings varies. Before running the :::info - For Team tier users with less than 10 contributors: There is a cap of 50 Assistant runs per month using the **Analyze** button. - For Team or Enterprise users with an active subscription: There is a cap of 10,000 Assistant runs per month using the **Analyze** button. It is rate-limited to 1,000 Assistant runs per hour. -- For users of any tier: Assistant runs against pull requests and merge requests do not count against this limit. +- For users of any tier: Assistant runs against pull requests (PRs) and merge requests (MRs) do not count against this limit. ::: -## View recommendations + +## Automatic analysis + +### When Assistant auto-analyzes findings + +Assistant will automatically generate an analysis for any new finding on a full scan that is: +- Critical or High severity, or +- High or Medium confidence. + +It will also analyze up to 10 new findings, regardless of severity or confidence, on a PR or MR. + +You can get an overview of how many new findings a deployment generates with [this query](https://metabase.corp.semgrep.dev/question/5211-issues-created-on-a-deployment-by-day-last-30-days?deployment=1) (but it doesn’t distinguish between scan types; if you need that, try adding a ref filter). + +### Findings that are not auto-analyzed + +Assistant won't automatically analyze: + +- Updated findings: Findings that are updates to existing issues rather than new findings +- Duplicate findings: Findings that are duplicates of existing findings +- Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled on November 10, 2025. +- Additional PR or MR findings: The 11th finding or later on the same PR or MR (only the first 10 are automatically analyzed) + +### Request analysis for existing findings + +If you want Assistant analyses for findings that weren't automatically analyzed (as described above), you can request them in bulk through Semgrep AppSec Platform. + +If you need assistance with bulk analysis requests or have questions about backfilling analyses for your findings, contact [Semgrep Support](/support). + +## View Assistant recommendations You can [view all of Semgrep Assistant's recommendations](/semgrep-code/findings/#filter-findings) by going to the Semgrep **Findings** page and filtering by **Recommendation** or **Component**. -## Feedback +## Provide feedback on Assistant recommendations Semgrep Assistant prompts you for feedback whenever it suggests that a finding is a false positive. Because Assistant content is generated by language models (LLMs), your feedback helps the Semgrep team improve Assistant. @@ -42,6 +70,6 @@ Semgrep Assistant lets you leave feedback in the following places: * In Semgrep AppSec Platform: the Assistant recommendation appears in Semgrep Code's **Finding Details** page under **Activity**, along with **Agree and ignore** or **Disagree** buttons. * In Slack notifications: the **Agree** and **Disagree** buttons appear under the Assistant recommendation message. -* In GitHub pull requests: you can leave feedback using `/semgrep assistant agree|disagree`. +* In GitHub PRs: you can leave feedback using `/semgrep assistant agree|disagree`. If Semgrep Assistant suggests that a finding is a true positive and supplies an autofix suggestion, there is no automated mechanism to leave feedback on this outcome. Feel free to contact [Semgrep Support](/support) to let us know your thoughts. diff --git a/docs/semgrep-assistant/overview.md b/docs/semgrep-assistant/overview.md index b6916e3868..9e6d47dacf 100644 --- a/docs/semgrep-assistant/overview.md +++ b/docs/semgrep-assistant/overview.md @@ -28,6 +28,11 @@ Semgrep Assistant: - GitHub Cloud and GitHub Enterprise Server (self-hosted) - GitLab, including SaaS and self-managed plans - Requires the Semgrep AppSec Platform for its use +- Auto-analyzes many but not all findings during scans + - For full scans, all *new* issues that are either: + - High or Critical severity, or + - High or Medium confidence + - For diff-aware scans (pull pequest or merge request scans), up to 10 new issues are auto-analyzed per scan ## Features @@ -37,7 +42,7 @@ Semgrep Assistant can provide remediation advice and autofixes, or suggested fix #### Guidance -With Assistant enabled, every PR or MR comment Semgrep pushes includes remediation guidance with information on fixing the issue. Assistant's remediation guidance provides step-by-step instructions on how to remediate the finding identified by Semgrep Code. +With Assistant enabled, PR or MR comments from Semgrep include step-by-step instructions for remedying the finding identified by Semgrep Code. ![PR comments with remediation advice](/img/assistant-guidance.png#md-width) _**Figure.** PR comment displaying the rule message followed by a comment that contains Assistant-generated remediation guidance._ From 13cf1d9e34800d081c1d252e6bb16d31864127d1 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 12:35:01 -0800 Subject: [PATCH 02/17] assistant findings autogenerated --- docs/semgrep-assistant/analyze.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 39acb23aff..d71c736829 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -49,8 +49,8 @@ Assistant won't automatically analyze: - Updated findings: Findings that are updates to existing issues rather than new findings - Duplicate findings: Findings that are duplicates of existing findings -- Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled on November 10, 2025. -- Additional PR or MR findings: The 11th finding or later on the same PR or MR (only the first 10 are automatically analyzed) +- Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. +- Additional PR or MR findings: The eleventh finding or later on the same PR or MR (only the first 10 are automatically analyzed) ### Request analysis for existing findings @@ -64,7 +64,7 @@ You can [view all of Semgrep Assistant's recommendations](/semgrep-code/findings ## Provide feedback on Assistant recommendations -Semgrep Assistant prompts you for feedback whenever it suggests that a finding is a false positive. Because Assistant content is generated by language models (LLMs), your feedback helps the Semgrep team improve Assistant. +Semgrep Assistant prompts you for feedback whenever it suggests that a finding is a false positive. Because Assistant content is generated by large language models (LLMs), your feedback helps the Semgrep team improve Assistant. Semgrep Assistant lets you leave feedback in the following places: From d63c0a7411ff57f3811e6f8fa6a1d87a3f23ce23 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 12:46:38 -0800 Subject: [PATCH 03/17] remove redundant subheading --- docs/semgrep-assistant/analyze.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index d71c736829..9fff9957c9 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -14,7 +14,7 @@ Once you've [enabled Assistant](/docs/semgrep-assistant/getting-started), you ca ![Assistant Analyze button on Findings page](/img/scp-assistant.png#md-width) -To analyze your findings with Assistant: +## How to analyze your findings with Assistant 1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, select the findings that you want Assistant to analyze. 2. Click **Analyze**. @@ -31,9 +31,8 @@ The amount of time required to analyze your findings varies. Before running the ::: -## Automatic analysis -### When Assistant auto-analyzes findings +## When Assistant auto-analyzes findings Assistant will automatically generate an analysis for any new finding on a full scan that is: - Critical or High severity, or @@ -43,7 +42,7 @@ It will also analyze up to 10 new findings, regardless of severity or confidence You can get an overview of how many new findings a deployment generates with [this query](https://metabase.corp.semgrep.dev/question/5211-issues-created-on-a-deployment-by-day-last-30-days?deployment=1) (but it doesn’t distinguish between scan types; if you need that, try adding a ref filter). -### Findings that are not auto-analyzed +## Findings that are not auto-analyzed Assistant won't automatically analyze: @@ -52,7 +51,7 @@ Assistant won't automatically analyze: - Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. - Additional PR or MR findings: The eleventh finding or later on the same PR or MR (only the first 10 are automatically analyzed) -### Request analysis for existing findings +## Request analysis for existing findings If you want Assistant analyses for findings that weren't automatically analyzed (as described above), you can request them in bulk through Semgrep AppSec Platform. From b088f0b2272a20cd402afb9f82843a979e66e1a8 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 13:11:27 -0800 Subject: [PATCH 04/17] removed internal note --- docs/semgrep-assistant/analyze.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 9fff9957c9..c07b445989 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -40,7 +40,6 @@ Assistant will automatically generate an analysis for any new finding on a full It will also analyze up to 10 new findings, regardless of severity or confidence, on a PR or MR. -You can get an overview of how many new findings a deployment generates with [this query](https://metabase.corp.semgrep.dev/question/5211-issues-created-on-a-deployment-by-day-last-30-days?deployment=1) (but it doesn’t distinguish between scan types; if you need that, try adding a ref filter). ## Findings that are not auto-analyzed From deb678b60c110ca8fb1f87b55be4fad9b7d6dea1 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 13:15:59 -0800 Subject: [PATCH 05/17] bold --- docs/semgrep-assistant/analyze.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index c07b445989..991e19b472 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -34,11 +34,11 @@ The amount of time required to analyze your findings varies. Before running the ## When Assistant auto-analyzes findings -Assistant will automatically generate an analysis for any new finding on a full scan that is: +Assistant will automatically generate an analysis for any new finding on a **full scan** that is: - Critical or High severity, or - High or Medium confidence. -It will also analyze up to 10 new findings, regardless of severity or confidence, on a PR or MR. +On a **PR or MR**, it will analyze up to 10 new findings, regardless of severity or confidence. ## Findings that are not auto-analyzed From 260d675945193356f85401c6988e99b50e9c4fc6 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Mon, 1 Dec 2025 15:40:00 -0800 Subject: [PATCH 06/17] What Alexis suggested --- docs/semgrep-assistant/analyze.md | 6 +----- docs/semgrep-assistant/overview.md | 6 ++---- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 991e19b472..17f51d5ad8 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -34,9 +34,7 @@ The amount of time required to analyze your findings varies. Before running the ## When Assistant auto-analyzes findings -Assistant will automatically generate an analysis for any new finding on a **full scan** that is: -- Critical or High severity, or -- High or Medium confidence. +Assistant will automatically generate an analysis for any new finding on a **full scan** that is of both Critical or High severity AND has High or Medium confidence. On a **PR or MR**, it will analyze up to 10 new findings, regardless of severity or confidence. @@ -45,8 +43,6 @@ On a **PR or MR**, it will analyze up to 10 new findings, regardless of severity Assistant won't automatically analyze: -- Updated findings: Findings that are updates to existing issues rather than new findings -- Duplicate findings: Findings that are duplicates of existing findings - Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. - Additional PR or MR findings: The eleventh finding or later on the same PR or MR (only the first 10 are automatically analyzed) diff --git a/docs/semgrep-assistant/overview.md b/docs/semgrep-assistant/overview.md index 9e6d47dacf..0bb2ba2bdd 100644 --- a/docs/semgrep-assistant/overview.md +++ b/docs/semgrep-assistant/overview.md @@ -29,9 +29,7 @@ Semgrep Assistant: - GitLab, including SaaS and self-managed plans - Requires the Semgrep AppSec Platform for its use - Auto-analyzes many but not all findings during scans - - For full scans, all *new* issues that are either: - - High or Critical severity, or - - High or Medium confidence + - For full scans, all *new* issues that have both High or Critical severity and are of High or Medium confidence are auto-analyzed - For diff-aware scans (pull pequest or merge request scans), up to 10 new issues are auto-analyzed per scan ## Features @@ -42,7 +40,7 @@ Semgrep Assistant can provide remediation advice and autofixes, or suggested fix #### Guidance -With Assistant enabled, PR or MR comments from Semgrep include step-by-step instructions for remedying the finding identified by Semgrep Code. +With Assistant enabled, PR or MR comments from Semgrep include step-by-step remediation instructions for the finding identified by Semgrep Code. ![PR comments with remediation advice](/img/assistant-guidance.png#md-width) _**Figure.** PR comment displaying the rule message followed by a comment that contains Assistant-generated remediation guidance._ From 9d6ce6e9ce2f7224a8fd14979685adb7a778a2f0 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:12:28 -0800 Subject: [PATCH 07/17] Update docs/semgrep-assistant/analyze.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/analyze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 17f51d5ad8..2b1e2f4f08 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -14,7 +14,7 @@ Once you've [enabled Assistant](/docs/semgrep-assistant/getting-started), you ca ![Assistant Analyze button on Findings page](/img/scp-assistant.png#md-width) -## How to analyze your findings with Assistant +## Analyze your findings with Assistant 1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, select the findings that you want Assistant to analyze. 2. Click **Analyze**. From 302bf71c7f40248402d29bce495a8492cab83d91 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:12:49 -0800 Subject: [PATCH 08/17] Update docs/semgrep-assistant/analyze.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/analyze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 2b1e2f4f08..2e04caa7ac 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -34,7 +34,7 @@ The amount of time required to analyze your findings varies. Before running the ## When Assistant auto-analyzes findings -Assistant will automatically generate an analysis for any new finding on a **full scan** that is of both Critical or High severity AND has High or Medium confidence. +Assistant automatically analyzes new findings from a **full scan** that are **Critical** or **High** severity AND have **High** or **Medium** confidence. On a **PR or MR**, it will analyze up to 10 new findings, regardless of severity or confidence. From 417aa1802017c40cb47f2d1b2633f41f6eb22370 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:13:02 -0800 Subject: [PATCH 09/17] Update docs/semgrep-assistant/analyze.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/analyze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index 2e04caa7ac..aec32f8807 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -36,7 +36,7 @@ The amount of time required to analyze your findings varies. Before running the Assistant automatically analyzes new findings from a **full scan** that are **Critical** or **High** severity AND have **High** or **Medium** confidence. -On a **PR or MR**, it will analyze up to 10 new findings, regardless of severity or confidence. +On a diff-aware scan, Assistant analyzes up to 10 new findings, regardless of severity or confidence. ## Findings that are not auto-analyzed From 8faffbcfa6e9f766de3ff27891a472ea28502226 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:13:09 -0800 Subject: [PATCH 10/17] Update docs/semgrep-assistant/analyze.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/analyze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index aec32f8807..b3bf0fd8c8 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -41,7 +41,7 @@ On a diff-aware scan, Assistant analyzes up to 10 new findings, regardless of se ## Findings that are not auto-analyzed -Assistant won't automatically analyze: +Assistant doesn't automatically analyze: - Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. - Additional PR or MR findings: The eleventh finding or later on the same PR or MR (only the first 10 are automatically analyzed) From 4b305738ee0551a83d4dd96fec898131e85396e5 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:13:21 -0800 Subject: [PATCH 11/17] Update docs/semgrep-assistant/analyze.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/analyze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index b3bf0fd8c8..dcb6c2d7a1 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -44,7 +44,7 @@ On a diff-aware scan, Assistant analyzes up to 10 new findings, regardless of se Assistant doesn't automatically analyze: - Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. -- Additional PR or MR findings: The eleventh finding or later on the same PR or MR (only the first 10 are automatically analyzed) +- Additional PR or MR findings: The eleventh finding or later on the same PR or MR. Only the first 10 are automatically analyzed. ## Request analysis for existing findings From 850d4bbeaba80c30b33ec40474b9b00dcab9b457 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:13:52 -0800 Subject: [PATCH 12/17] Update docs/semgrep-assistant/overview.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/overview.md b/docs/semgrep-assistant/overview.md index 0bb2ba2bdd..4de8ef4825 100644 --- a/docs/semgrep-assistant/overview.md +++ b/docs/semgrep-assistant/overview.md @@ -28,7 +28,7 @@ Semgrep Assistant: - GitHub Cloud and GitHub Enterprise Server (self-hosted) - GitLab, including SaaS and self-managed plans - Requires the Semgrep AppSec Platform for its use -- Auto-analyzes many but not all findings during scans +- Auto-analyzes many, but not all, findings during scans - For full scans, all *new* issues that have both High or Critical severity and are of High or Medium confidence are auto-analyzed - For diff-aware scans (pull pequest or merge request scans), up to 10 new issues are auto-analyzed per scan From 5b95b749f558e8575c6fb63a1f11a7a288ca58aa Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:14:15 -0800 Subject: [PATCH 13/17] Update docs/semgrep-assistant/overview.md Co-authored-by: Katie Horne --- docs/semgrep-assistant/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/overview.md b/docs/semgrep-assistant/overview.md index 4de8ef4825..6edf3a03b9 100644 --- a/docs/semgrep-assistant/overview.md +++ b/docs/semgrep-assistant/overview.md @@ -29,7 +29,7 @@ Semgrep Assistant: - GitLab, including SaaS and self-managed plans - Requires the Semgrep AppSec Platform for its use - Auto-analyzes many, but not all, findings during scans - - For full scans, all *new* issues that have both High or Critical severity and are of High or Medium confidence are auto-analyzed + - For full scans, all *new* issues that hare **Critical** or **High** severity AND have **High** or **Medium** confidence are auto-analyzed - For diff-aware scans (pull pequest or merge request scans), up to 10 new issues are auto-analyzed per scan ## Features From 2b5d4c282993c685f36f9198b1832113d95b0e4b Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:15:00 -0800 Subject: [PATCH 14/17] Update docs/semgrep-assistant/overview.md --- docs/semgrep-assistant/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/overview.md b/docs/semgrep-assistant/overview.md index 6edf3a03b9..7b34121c77 100644 --- a/docs/semgrep-assistant/overview.md +++ b/docs/semgrep-assistant/overview.md @@ -29,7 +29,7 @@ Semgrep Assistant: - GitLab, including SaaS and self-managed plans - Requires the Semgrep AppSec Platform for its use - Auto-analyzes many, but not all, findings during scans - - For full scans, all *new* issues that hare **Critical** or **High** severity AND have **High** or **Medium** confidence are auto-analyzed + - For full scans, all *new* issues that are **Critical** or **High** severity AND have **High** or **Medium** confidence are auto-analyzed - For diff-aware scans (pull pequest or merge request scans), up to 10 new issues are auto-analyzed per scan ## Features From ccfcc73fb620ed7753db27d64090103ebd6184c0 Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 09:35:11 -0800 Subject: [PATCH 15/17] Apply suggestion from @abhijna --- docs/semgrep-assistant/analyze.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index dcb6c2d7a1..c18c7d3b79 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -64,6 +64,5 @@ Semgrep Assistant lets you leave feedback in the following places: * In Semgrep AppSec Platform: the Assistant recommendation appears in Semgrep Code's **Finding Details** page under **Activity**, along with **Agree and ignore** or **Disagree** buttons. * In Slack notifications: the **Agree** and **Disagree** buttons appear under the Assistant recommendation message. -* In GitHub PRs: you can leave feedback using `/semgrep assistant agree|disagree`. If Semgrep Assistant suggests that a finding is a true positive and supplies an autofix suggestion, there is no automated mechanism to leave feedback on this outcome. Feel free to contact [Semgrep Support](/support) to let us know your thoughts. From 1b2b91981a27266135a20e05798ac01c10bb9cbb Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 11:13:26 -0800 Subject: [PATCH 16/17] how to bulk analyze --- docs/semgrep-assistant/analyze.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index c18c7d3b79..e7e77e1963 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -48,7 +48,14 @@ Assistant doesn't automatically analyze: ## Request analysis for existing findings -If you want Assistant analyses for findings that weren't automatically analyzed (as described above), you can request them in bulk through Semgrep AppSec Platform. +If you want Assistant analyses for findings that weren't automatically analyzed, you can request them in bulk through Semgrep AppSec Platform. + +1. Go to the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page. +2. Select the findings you want Assistant to analyze. You can select individual findings or use filters to select multiple findings at once. +3. Click **Analyze**. +4. In the confirmation dialog, review the estimated wait time and confirm the request. + +After Assistant completes the analysis, you can view recommendations in the finding's **Details** page or filter findings by **Assistant file risk levels** or **Assistant autotriage** on the Findings page. If you need assistance with bulk analysis requests or have questions about backfilling analyses for your findings, contact [Semgrep Support](/support). From f73615bfc993b1f9d415c363e5907c9b3909b9eb Mon Sep 17 00:00:00 2001 From: Abhijna Parigi Date: Tue, 2 Dec 2025 11:15:07 -0800 Subject: [PATCH 17/17] What Alexis suggested --- docs/semgrep-assistant/analyze.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/semgrep-assistant/analyze.md b/docs/semgrep-assistant/analyze.md index e7e77e1963..0231ac4efc 100644 --- a/docs/semgrep-assistant/analyze.md +++ b/docs/semgrep-assistant/analyze.md @@ -43,8 +43,8 @@ On a diff-aware scan, Assistant analyzes up to 10 new findings, regardless of se Assistant doesn't automatically analyze: -- Historical findings: Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. -- Additional PR or MR findings: The eleventh finding or later on the same PR or MR. Only the first 10 are automatically analyzed. +- Findings that were created before automatic analysis was enabled for your deployment. Automatic analysis for full scans was enabled in November 2025. +- The eleventh finding or later on the same PR or MR. Only the first 10 are automatically analyzed. ## Request analysis for existing findings