Create Plane work items from Semgrep findings
A Semgrep + Plane agent flow
Semgrep flags a new SQL injection or a vulnerable dependency, and the finding stays in the AppSec platform where engineers rarely look between sprints. Security wants each finding to become tracked work in Plane, where the team plans, so a real vulnerability gets an owner and a due date instead of aging in a dashboard. The agent reads the findings list with semgrep_findings, picks the ones new since the last run, and creates a Plane work item for each with create_work_item. Semgrep answers the agent's call rather than pushing events, so the read runs on a schedule, and only findings you haven't already filed become work items.
The flow
semgrep_findings: Fetches existing security, code-quality, and supply-chain findings from the Semgrep AppSec Platform Findings API (requires authentication).
create_work_item: Creates a new work item.
Step by step
- Scope severity and the project
Decide which findings warrant a ticket, for instance high and critical security findings, so low-noise style rules don't flood the board. Point the agent at one Plane project for security work.
- Read the findings
The agent calls semgrep_findings, reading each finding's rule, severity, file and line, and category (security, code quality, or supply chain).
- Create the Plane work items
For each new finding the agent calls create_work_item with a title naming the rule and file, a description holding the severity, location, and a link to the finding, and a priority mapped from severity.
- Record what's already filed
Store each finding's ID against the work item it created. Next run the agent skips findings already filed, so a finding that persists across scans isn't re-ticketed every poll.
Tell your agent
Each morning, fetch Semgrep findings of high and critical severity in the security category. For any not already filed, create a Plane work item in the AppSec project with a title naming the rule and file, a description with the severity, file and line, and a link, and priority set from severity. Skip findings you've already filed.
Setup
This flow needs both servers connected to your agent. Follow each install guide:
Worth knowing
- semgrep_findings returns existing findings, not a stream of new ones, so the agent must diff against the prior run by finding ID to avoid re-creating a work item for a finding that was already there.
- A finding can reappear after a branch is re-scanned. Keying on the finding ID means a genuinely new instance gets a ticket while a recurring one you already filed stays mapped.
- create_work_item takes one item per call, so the agent loops over the new findings and creates them in sequence; on a first run, cap how many it files so a backlog scan doesn't open hundreds at once.
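The filtering, diff-by-finding-ID and severity-to-priority logic from the steps above and the notes in this section, as an added example that is not the recipe's or either project's own code. The two tools are replaced by an in-memory stand-in and a list of constructed findings; the finding field names, the priority names and the FakePlane class are assumptions, not the Semgrep or Plane API schemas.

```python
# Severity -> Plane priority names (assumed; adjust to your project's levels).
PRIORITY_BY_SEVERITY = {"critical": "urgent", "high": "high"}
FIRST_RUN_CAP = 50  # so a backlog-sized first run doesn't open hundreds of items

# Constructed sample findings standing in for the semgrep_findings result.
# Field names here are assumptions, not the Semgrep Findings API schema.
SAMPLE_FINDINGS = [
    {"id": 101, "rule": "sqli-string-concat", "severity": "critical", "category": "security",
     "path": "app/db.py", "line": 42, "url": "https://semgrep.example/findings/101"},
    {"id": 102, "rule": "no-var", "severity": "low", "category": "code quality",
     "path": "web/ui.js", "line": 7, "url": "https://semgrep.example/findings/102"},
    {"id": 103, "rule": "vulnerable-dependency", "severity": "high", "category": "security",
     "path": "requirements.txt", "line": 3, "url": "https://semgrep.example/findings/103"},
]

class FakePlane:
    """In-memory stand-in for create_work_item; returns made-up work item IDs."""
    def __init__(self):
        self.items: list[dict] = []
    def create_work_item(self, item: dict) -> str:
        self.items.append(item)
        return f"WI-{len(self.items)}"

def select_new(findings: list[dict], filed: dict[int, str], cap: int) -> list[dict]:
    """High/critical security findings whose ID is not already mapped to an item."""
    fresh = [f for f in findings
             if f["category"] == "security"
             and f["severity"] in PRIORITY_BY_SEVERITY
             and f["id"] not in filed]
    return fresh[:cap]  # cap matters most on the first, backlog-sized run

def build_work_item(f: dict) -> dict:
    """Title names rule and file; description carries severity, location and link."""
    return {
        "name": f"[Semgrep] {f['rule']} in {f['path']}",
        "description": (f"Severity: {f['severity']}\nLocation: {f['path']}:{f['line']}\n"
                        f"Finding: {f['url']}"),
        "priority": PRIORITY_BY_SEVERITY[f["severity"]],
    }

def run_once(findings: list[dict], filed: dict[int, str], plane: FakePlane,
             cap: int = FIRST_RUN_CAP) -> list[str]:
    """One scheduled run: file each new finding and record finding ID -> item ID."""
    created = []
    for f in select_new(findings, filed, cap):
        item_id = plane.create_work_item(build_work_item(f))
        filed[f["id"]] = item_id  # persist this map between runs to avoid re-filing
        created.append(item_id)
    return created
```

Running run_once twice over the same findings files the two qualifying ones on the first pass and nothing on the second, which is the behaviour the dedup note above describes.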
Questions
- Does fixing the finding close the Plane work item?
- Not automatically. This recipe files work items. You could add a step that reads semgrep_findings, sees a previously-filed finding is no longer present, and calls update_work_item to close the matching item.
- Can it set priority from severity?
- Yes. semgrep_findings carries each finding's severity, so the agent maps critical and high to your priority levels before calling create_work_item.