Welcome to the Semgrep blog

Code analysis at ludicrous speed

announcements

Releasing Semgrep 1.0

Announcing a milestone release: Semgrep 1.0

Yoann Padioleau

December 01, 2022 read

development

Need for speed: static analysis version

Why speed is important in static analysis and how Semgrep achieves ludicrous speed

Brandon Wu

November 29, 2022 read

best practices

Tips and tricks for writing fixes

A few tips you might not know to improve your Semgrep usage

Pieter De Cremer

April 18, 2022 read

Tips and tricks for writing fixes thumbnail

security

Software supply chain security is hard

See why today's SCA tools are noisy and how can you leverage reachability to reduce the noise

Andy Huang

September 28, 2022 read

announcements

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Based on the Semgrep engine, Semgrep Supply Chain finds reachable vulnerable dependencies in your code

Adam Berman

October 04, 2022 read

announcements

Releasing Semgrep 1.0

Announcing a milestone release: Semgrep 1.0

Yoann Padioleau

December 01, 2022 read

development

Need for speed: static analysis version

Why speed is important in static analysis and how Semgrep achieves ludicrous speed

Brandon Wu

November 29, 2022 read

best practices

Tips and tricks for writing fixes

A few tips you might not know to improve your Semgrep usage

Pieter De Cremer

April 18, 2022 read

security

Software supply chain security is hard

See why today's SCA tools are noisy and how can you leverage reachability to reduce the noise

Andy Huang

September 28, 2022 read

announcements

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Based on the Semgrep engine, Semgrep Supply Chain finds reachable vulnerable dependencies in your code

Adam Berman

October 04, 2022 read

announcements

Releasing Semgrep 1.0

Announcing a milestone release: Semgrep 1.0

Yoann Padioleau

December 01, 2022 read

development

Need for speed: static analysis version

Why speed is important in static analysis and how Semgrep achieves ludicrous speed

Brandon Wu

November 29, 2022 read

best practices

Tips and tricks for writing fixes

A few tips you might not know to improve your Semgrep usage

Pieter De Cremer

April 18, 2022 read

security

Software supply chain security is hard

See why today's SCA tools are noisy and how can you leverage reachability to reduce the noise

Andy Huang

September 28, 2022 read

announcements

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Based on the Semgrep engine, Semgrep Supply Chain finds reachable vulnerable dependencies in your code

Adam Berman

October 04, 2022 read

Page 1 of 11

Static analysis at ludicrous speed

Find Bugs and Enforce Code Standards

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Code analysis at ludicrous speed

Stay up to date

Semgrep jobs Terms Privacy

Semgrep App

Semgrep Supply Chain

Getting started with Semgrep Supply Chain

Docs

Tutorial

Blog

Contact Us

Introducing Semgrep Supply Chain.

General availability support of PHP

Demystifying taint mode

Welcome to the Semgrep blog

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Categories

Latest posts

XML Security in Java

Releasing Semgrep 1.0

Need for speed: static analysis version

Building an enterprise-ready, scalable security program using Semgrep

Powerfully autofixing code with Semgrep's new AST-based approach

A deep dive into Semgrep Supply Chain

Fully loaded: testing vulnerable PyYAML versions

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Semgrep App

Semgrep Supply Chain

Getting started with Semgrep Supply Chain

Docs

Tutorial

Blog

Contact Us

Introducing Semgrep Supply Chain.

General availability support of PHP

Demystifying taint mode

Welcome to the Semgrep blog

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Releasing Semgrep 1.0

Need for speed: static analysis version

Tips and tricks for writing fixes

Software supply chain security is hard

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.

Categories

Subscribe to our blog

Latest posts

XML Security in Java

Releasing Semgrep 1.0

Need for speed: static analysis version

Building an enterprise-ready, scalable security program using Semgrep

Powerfully autofixing code with Semgrep's new AST-based approach

A deep dive into Semgrep Supply Chain

Fully loaded: testing vulnerable PyYAML versions

It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.