Semgrep at Hella Secure HellaConf 2020

Video from Hella Secure’s virtual AppSec conference, HellaConf

May 5th, 2020

Thanks to Hella Secure for hosting an outstanding virtual AppSec conference, #HellaConf 2020! Here’s r2c’s CTO, Drew, presenting about Semgrep, open-source code analysis that feels like grep:

In this presentation Drew discusses a program analysis tool we’re developing called Semgrep (previously sgrep). It’s a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JavaScript) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed sgrep while at Facebook. He’s now full time with the r2c team.

Thanks to the Hella Secure folks for sharing the video recording of the presentation. You can also download the slides we presented, and watch all the videos from the HellaConf conference on Twitch.
