[FEATURE] SAST Tools in Use

[luckyservant]

Use Case

This project is an awesome initiative, thanks team. Maybe Im wrong but I can't see Semgrep is used in security analyzer source code. Is there any particular reason why it is removed from SAST tooling?

Category

What area of FuzzForge would this feature enhance?

• 🤖 AI Agents for Security
• [X ] 🛠 Workflow Automation
• 📈 Vulnerability Research
• 🔗 Fuzzer Integration
• 🌐 Community Marketplace
• 🔒 Enterprise Features
• 📚 Documentation
• 🎯 Other

[tduhamel42]

Hey, good catch — you’re right! Semgrep (or actually OpenGrep, the open-source version we’re using) isn’t in the security analyzer yet. We’re working on adding it to an Android workflow soon.

Once that’s live, I’ll close this issue. Thanks for pointing it out and for the kind words!

[umitTrivial]

Is Pluggable scanners possible rather than setting a fixed scanner? For example as a dev team if we've Semgrep then set it as SAST scanner else whatever SAST scanner we've. I think that implies a Pluggable adapter approach

[tduhamel42]

Currently not possible, but we're exploring a pluggable adapter approach to allow teams to configure their preferred modules. Still in the design phase - happy to hear any specific requirements you have.