Slack on scaling static analysis with Semgrep

Slack’s DEF CON 29 AppSec Village presentation
Pablo Estrada
Pablo Estrada
August 10, 2021

In this video, Erin Browning and Tim Faraci from Slack present at DEF CON 29 AppSec Village. Highlights include:

  • Keeping developers happy with fast scan results

  • Thinking beyond the compliance checkbox

  • Dealing with false positives

  • Integrating scanning into the developer and security workflows

  • Calibrating metrics and performance targets



Semgrep Logo

Semgrep is a fast, open-source, code scanning tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.

Code scanning at ludicrous speed

Find bugs and enforce code standards