> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rule-based SAST

> Run rule-based static analysis on your first-party code using Opengrep.

Rule-based SAST in Endor Labs uses [Opengrep](https://www.opengrep.dev/) to scan your source code against a curated set of pattern-based rules. Scans are fast and deterministic and run without executing the code.

The [AI SAST triage agent](/scan/ai-sast/triage-agent) runs on top of rule-based SAST to automatically classify each finding as a true positive or false positive, cutting the manual triage effort that rule-based scans typically require.

## How rule-based SAST works

Opengrep is an open-source, static analysis tool that finds bugs and vulnerabilities in source code using pattern matching. Opengrep parses the source code, applies pattern matching based on rules, and reports matches based on the rule specifications. Opengrep rules are in the YAML format.

When you run a SAST scan, Endor Labs downloads Opengrep and works seamlessly. If you wish, you can use Semgrep instead of Opengrep with Endor Labs.

<Warning>
  If you use Semgrep with Endor Labs, SAST scan is supported on macOS and Linux, and not supported on Windows.
</Warning>

Endor Labs includes a set of [curated rules](/scan/sast/manage-sast-rules). You can [create your own rules](/scan/sast/manage-sast-rules/create-sast-rule) or [import rules](/scan/sast/manage-sast-rules/import-sast-rule) with the rule designer.

<Note>
  Enable the [default SAST finding policies](/platform-administration/policies/finding-policies/sast-policies) to generate findings from SAST scans.
</Note>

When you [scan with the SAST option enabled](/scan/sast/run-a-sast-scan), Endor Labs uses Opengrep to scan for weaknesses in your source code based on SAST rules and generates findings based on the configured finding policies.

<Note>
  Endor Labs does not scan the files included in the `.gitignore` files during SAST scan. You can also use the `nosemgrep` annotation in the code to skip SAST scan. Refer to the [Semgrep Documentation](https://semgrep.dev/docs/ignoring-files-folders-code#ignore-code-through-nosemgrep) for more information.
</Note>

Login to [Endor Labs](https://app.endorlabs.com/login) to view the findings of a SAST scan. See [View SAST findings](/scan/sast/viewing-sast-findings) for more information.

You can create exception policies to exclude results from the findings page. See [create exception policy](/scan/sast/create-exception-policy) for more information.

You can create a finding policy using predefined templates to control which SAST results appear as findings. See [SAST policies](/platform-administration/policies/finding-policies/sast-policies) for more information.

## SAST severity matrix

Endor Labs determines the severity of findings by combining two factors from the SAST rule: impact and confidence. Impact measures the potential consequences of exploiting a security issue. Confidence represents the certainty that a detected pattern is a genuine security issue rather than a false positive. If either factor cannot be determined, the severity defaults to low.

The following matrix shows how Endor Labs resolves severity by combining impact and confidence.

<div style={{maxWidth: '500px'}}>
  <table style={{borderCollapse: 'collapse', width: '100%'}}>
    <tbody>
      <tr>
        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500, verticalAlign: 'middle'}}>High Impact</th>
        <td style={{padding: '0.8rem', background: 'hsl(25, 100%, 62%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Medium</td>
        <td style={{padding: '0.8rem', background: 'hsl(357, 76%, 49%)', color: 'white', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>High</td>
        <td style={{padding: '0.8rem', background: 'hsl(346, 60%, 35%)', color: 'white', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Critical</td>
      </tr>

      <tr>
        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500, verticalAlign: 'middle'}}>Medium Impact</th>
        <td style={{padding: '0.8rem', background: 'hsl(47, 100%, 50%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Low</td>
        <td style={{padding: '0.8rem', background: 'hsl(25, 100%, 62%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Medium</td>
        <td style={{padding: '0.8rem', background: 'hsl(357, 76%, 49%)', color: 'white', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>High</td>
      </tr>

      <tr>
        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500, verticalAlign: 'middle'}}>Low Impact</th>
        <td style={{padding: '0.8rem', background: 'hsl(47, 100%, 50%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Low</td>
        <td style={{padding: '0.8rem', background: 'hsl(47, 100%, 50%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Low</td>
        <td style={{padding: '0.8rem', background: 'hsl(25, 100%, 62%)', color: 'black', textAlign: 'center', fontWeight: 'bold', border: '1px solid rgba(128,128,128,0.25)'}}>Medium</td>
      </tr>

      <tr>
        <td style={{background: 'transparent', border: 'none'}} />

        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500}}>Low Confidence</th>
        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500}}>Medium Confidence</th>
        <th style={{padding: '0.8rem', background: 'rgba(128,128,128,0.15)', color: 'inherit', border: '1px solid rgba(128,128,128,0.25)', fontWeight: 500}}>High Confidence</th>
      </tr>
    </tbody>
  </table>
</div>

For ways to run a SAST scan, and incremental scan behavior, see [SAST overview](/scan/sast).

## Language support

Endor Labs supports single-function analysis for the following languages through curated rules and custom user rules:

```shell expandable theme={null}
- Apex
- Bash
- C
- Cairo
- Circom
- Clojure
- C++
- C#
- Dart
- Dockerfile
- Elixir
- Generic
- Go
- Hack
- HTML
- Java
- JavaScript
- JSON
- Jsonnet
- Julia
- Kotlin
- Lisp
- Lua
- Move
- OCaml
- PHP
- PromQL
- Protobuf
- Python
- QL
- R
- Regex
- Ruby
- Rust
- Scala
- Scheme
- Solidity
- Swift
- Terraform
- TypeScript
- XML
- YAML
```
