> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up Semgrep Supply Chain for your infrastructure

<Note>
  **YOUR DEPLOYMENT JOURNEY**

  * You have gained the necessary [resource access and permissions](/deployment/checklist) required for deployment.
  * You have [created a Semgrep account and organization](/deployment/create-account-and-orgs).
  * For GitHub and GitLab users: You have [connected your source code manager](/deployment/connect-scm).
  * Optionally, you have [set up SSO](/deployment/sso).
  * You have successfully added a [Semgrep job](/deployment/add-semgrep-to-ci) to your CI workflow.
</Note>

Semgrep Supply Chain performs software composition analysis with reachability.

Scanning third-party code with Semgrep Supply Chain may require additional steps, such as generating a manifest file or lockfile that it can parse in continuous integration (CI).

The documents in this category describe how to set up Semgrep Supply Chain for specific manifest files, lockfiles, or CI providers, to ensure that your Semgrep Supply Chain deployment functions as intended.

| <Tooltip tip="Software that interacts with a package registry to download, upload, or search for dependencies. Package managers typically generate manifest files or lockfiles." cta="See full definition." href="/semgrep-supply-chain/glossary#package-manager">Package manager</Tooltip> | Issue                                                               | Solution                                                                                                                                                 |
| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Maven                                                                                                                                                                                                                                                                                       | Semgrep Supply Chain requires a dependency tree to detect packages. | Generate a dependency tree using `mvn` by following the steps in [Setting up Semgrep Supply Chain with Apache Maven](/semgrep-supply-chain/setup-maven). |
