diff --git a/.circleci/config.yml b/.circleci/config.yml index 01eba4e466d63..047710d38a8d1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1314,10 +1314,10 @@ workflows: - contracts-bedrock-build - semgrep-scan: name: semgrep-scan-local - scan_command: semgrep scan --timeout=100 --config=./semgrep --error . + scan_command: semgrep scan --timeout=100 --config .semgrep/rules/ --error . - semgrep-scan: name: semgrep-test - scan_command: semgrep scan --test semgrep/ + scan_command: semgrep scan --test --config .semgrep/rules/ .semgrep/tests/ - go-lint - fuzz-golang: name: fuzz-golang-<> diff --git a/semgrep/sol-rules.yaml b/.semgrep/rules/sol-rules.yaml similarity index 100% rename from semgrep/sol-rules.yaml rename to .semgrep/rules/sol-rules.yaml diff --git a/semgrep/sol-rules.t.sol b/.semgrep/tests/sol-rules.t.sol similarity index 100% rename from semgrep/sol-rules.t.sol rename to .semgrep/tests/sol-rules.t.sol diff --git a/.semgrepignore b/.semgrepignore index 0e7e4044b758b..b5fcb03038824 100644 --- a/.semgrepignore +++ b/.semgrepignore @@ -9,7 +9,7 @@ vendor/ *.min.js # Semgrep rules folder -semgrep/ +.semgrep/ # Semgrep-action log folder .semgrep_logs/ diff --git a/justfile b/justfile index 57d7fa5da2183..a7359efbe9749 100644 --- a/justfile +++ b/justfile @@ -3,11 +3,11 @@ issues: # Runs semgrep on the entire monorepo. semgrep: - semgrep scan --config=semgrep --error . + semgrep scan --config .semgrep/rules/ --error . # Runs semgrep tests. semgrep-test: - semgrep scan --test semgrep/ + semgrep scan --test --config .semgrep/rules/ .semgrep/tests/ lint-shellcheck: find . -type f -name '*.sh' -not -path '*/node_modules/*' -not -path './packages/contracts-bedrock/lib/*' -not -path './packages/contracts-bedrock/kout*/*' -exec sh -c 'echo \"Checking $1\"; shellcheck \"$1\"' _ {} \\; diff --git a/packages/contracts-bedrock/justfile b/packages/contracts-bedrock/justfile index e736736347458..41cfd24bb2d6c 100644 --- a/packages/contracts-bedrock/justfile 
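Review bot: The `semgrep-scan-local` command passes `--timeout=100`, but the matching `semgrep` recipe in the root justfile hunk (`semgrep scan --config .semgrep/rules/ --error .`) does not, so the two runs use different per-file timeouts. A file that times out is skipped for that rule, so a local run with semgrep's lower default timeout can pass while CI reports a finding, or the reverse if the flags drift further. Either add the flag to the justfile recipe, `semgrep scan --timeout=100 --config .semgrep/rules/ --error .`, or have the CI job invoke the just recipe so the command lives in one place. The `semgrep-scan` job definition itself is outside this hunk, so whether `just` is available in that job's image is not visible here.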
+++ b/packages/contracts-bedrock/justfile @@ -163,7 +163,7 @@ semver-diff-check: build semver-diff-check-no-build # Checks that the semgrep tests are valid. semgrep-test-validity-check: - forge fmt ../../semgrep/sol-rules.t.sol --check + forge fmt ../../.semgrep/tests/sol-rules.t.sol --check # Checks that forge test names are correctly formatted. lint-forge-tests-check: @@ -199,11 +199,11 @@ check-kontrol-summaries-unchanged: # Runs semgrep on the contracts. semgrep: - cd ../../ && semgrep scan --config=semgrep ./packages/contracts-bedrock + cd ../../ && semgrep scan --config .semgrep/rules/ ./packages/contracts-bedrock # Runs semgrep tests. semgrep-test: - cd ../../ && semgrep scan --test semgrep + cd ../../ && semgrep scan --test --config .semgrep/rules/ .semgrep/tests/ # TODO: Also run lint-forge-tests-check but we need to fix the test names first. # Runs all checks.
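Review bot: `semgrep-test-validity-check` still names one fixture, `../../.semgrep/tests/sol-rules.t.sol`, even though the tests now have their own directory. A second Solidity fixture added under `.semgrep/tests/` would not be format-checked unless this line is edited too. Pointing the check at the directory, `forge fmt ../../.semgrep/tests/ --check`, would pick up new fixtures automatically, assuming every `.sol` file there is meant to pass `forge fmt`.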
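Review bot: The package-level `semgrep` recipe still runs without `--error`, so it exits 0 even when rules match, unlike the root justfile recipe and the CI `semgrep-scan-local` command, which both pass it. If this recipe feeds a gating target, findings in the contracts would not fail the run; the "Runs all checks" recipe begins right after this hunk and is not visible, so that is unconfirmed. `cd ../../ && semgrep scan --config .semgrep/rules/ --error ./packages/contracts-bedrock` would make it fail on findings. If the non-failing behaviour is deliberate for local use, a comment above the recipe such as `# Informational only: does not fail on findings; CI enforces with --error.` would make that explicit.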