Slack on scaling static analysis with Semgrep

Slack’s DEF CON 29 AppSec Village presentation

In this video, Erin Browning and Tim Faraci from Slack present at DEF CON 29 AppSec Village. Highlights include:

  • Keeping developers happy with fast scan results

  • Thinking beyond the compliance checkbox

  • Dealing with false positives

  • Integrating scanning into the developer and security workflows

  • Calibrating metrics and performance targets



Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.