Many thanks to the Silicon Valley Cyber Security Meetup for inviting us to present at their virtual event “Talkin’ Security” on April 9th.
In this presentation, we discuss semgrep (previously sgrep), a program analysis tool we're developing. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JavaScript) with a simple "grep-like" interface. The original author, Yoann Padioleau, worked on semgrep's predecessor, Coccinelle, for Linux kernel refactoring, and later developed sgrep while at Facebook. He's now working full time with us at r2c. semgrep is the query system underpinning Bento.
The folks from the Silicon Valley Cyber Security Meetup were kind enough to share the video recording of the presentation.
About
Semgrep enables teams to use industry-leading AI-assisted static application security testing (SAST), supply chain dependency scanning (SCA), and secrets detection. The Semgrep AppSec Platform is built for teams that struggle with noise by helping development teams apply secure coding practices.