{"id":"cdf6019a-33e7-47fd-81ef-df06448b6a67","shortId":"SP4uhR","kind":"skill","title":"Semgrep Supply Chain Rule Pack Runner","tagline":"Runs Semgrep code and supply-chain checks with `semgrep scan`, registry rule packs, and dependency-aware findings to surface risky patterns early. Useful when agents need to summarize security results in repo terms developers can act on immediately.","description":"# Semgrep Supply Chain Rule Pack Runner\n\nRuns Semgrep code and supply-chain checks with `semgrep scan`, registry rule packs, and dependency-aware findings to surface risky patterns early. Useful when agents need to summarize security results in repo terms developers can act on immediately.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- $ brew install semgrep\n- $ docker run -it -v \"${PWD}:/src\" semgrep/semgrep semgrep login\n- $ docker run -e SEMGREP_APP_TOKEN=<TOKEN> --rm -v \"${PWD}:/src\" semgrep/semgrep semgrep ci\n- $ brew upgrade semgrep\n\nBasic usage or getting-started notes:\n- Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. 
Semgrep [supports 30+ languages](#language-support) and can run in an IDE, as a...\n- [From the Semgrep AppSec Platform](#option-1-getting-started-from-the-semgrep-appsec-platform-recommended)\n- [From the CLI](#option-2-getting-started-from-the-cli)\n\n- Source: https://github.com/semgrep/semgrep\n- Extracted from upstream docs: https://raw.githubusercontent.com/semgrep/semgrep/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/semgrep-supply-chain-rule-pack-runner/)","tags":["semgrep","supply","chain","rule","pack","runner","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list"],"capabilities":["skill","source-agentskillexchange","skill-semgrep-supply-chain-rule-pack-runner","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/semgrep-supply-chain-rule-pack-runner","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,592 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:25.820Z","embedding":null,"createdAt":"2026-05-18T13:19:19.986Z","updatedAt":"2026-05-18T19:12:25.820Z","lastSeenAt":"2026-05-18T19:12:25.820Z","prices":[{"id":"cbaffe87-ecac-472b-a083-1f0dfbdb8697","listingId":"cdf6019a-33e7-47fd-81ef-df06448b6a67","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:19.986Z"}],"sources":[{"listingId":"cdf6019a-33e7-47fd-81ef-df06448b6a67","source":"github","sourceId":"agentskillexchange/skills/semgrep-supply-chain-rule-pack-runner","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-supply-chain-rule-pack-runner","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:19.986Z","lastSeenAt":"2026-05-18T19:12:25.820Z"}],"details":{"listingId":"cdf6019a-33e7-47fd-81ef-df06448b6a67","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"semgrep-supply-chain-rule-pack-runner","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"31c48c78fb47f45b4388f46675c98bca2f5aec9c","skill_md_path":"skills/semgrep-supply-chain-rule-pack-runner/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-supply-chain-rule-pack-runner"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Semgrep Supply Chain Rule Pack Runner","description":"Runs Semgrep 
code and supply-chain checks with `semgrep scan`, registry rule packs, and dependency-aware findings to surface risky patterns early. Useful when agents need to summarize security results in repo terms developers can act on immediately."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/semgrep-supply-chain-rule-pack-runner"},"updatedAt":"2026-05-18T19:12:25.820Z"}}