Running Semgrep on Windows and run Pygoat

Question

I installed Semgrep on Windows with pip install semgrep and it worked. Now, I want to run the entire semgrep registry on pygoat. I downloaded the code from here and have it in a folder on my laptop. How do you run the registry on this folder? I tried the following:

cd semgrep location, then python3 semgrep --config "\pygoat\pygoat"

Many other versions of the above as well, but keep getting the following errors.

'semgrep' is not recognized as an internal or external command,
operable program or batch file.

Other errors include 'no such file or directory'.

Answer 1

Try confirming you have Semgrep installed correctly by running --help. It should print to your terminal:

$ semgrep --help

Then check for Python == where the left and right sides are the same (often a bug):

$ semgrep -e '$X == $X' --lang=py path/to/src

If the path is the same, navigate to the project folder and try running a simple Semgrep rule from the Python registry.

If all else, uninstall Semgrep:

py -m pip uninstall semgrep

Then reinstall:

python3 -m pip install semgrep

You might need to install Python3 if not already installed on your machine.

Then follow the previous step to confirm you have Semgrep installed.

Answer 2

Semgrep does not work natively on windows, you can either use it via windows subsystem for linux, or run it in a container.

For example:

wsl --exec sh -c "python3 -m pip install --update semgrep ^&^& semgrep"

https://semgrep.dev/docs/getting-started/#installing-and-running-semgrep-locally