Issue
When running Contrast's local scanner (SAST) on a Javascript project the following error may be seen.
ERROR: Unable to find executable [semgrep]. Is it correctly installed?
Cause
This ERROR can be seen when running the Contrast local scanner version 1.0.1 and greater against an older Project labeled with the JavaScript language.
When the local scanner reads in the language setting of the older project, it attempts to utilize a deprecated scanning engine to analyze the JavaScript source code.
Resolution
- Create a new project in the UI or through the Local scanner.
- Then run the scan again. This will correctly set the language of the new project to the
composite
engine and semgrep will no longer be utilized.