Semgrep | Blog

Products
- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Find and fix reachable dependency vulnerabilities (SCA)
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep Assistant
  Get triage and code fix recommendations from AI
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Pro Engine
  Find more true positives and fewer false positives with dataflow analysis
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
Solutions
- Software supply chain security
  Mitigate software supply chain risks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
Resources
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
Company
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Announcements

Take control of sensitive code without developer frustration

Fine-grained policy automation for robust security and greater velocity

Jaweed Metz Katie Kent

Announcements

Announcing an AI AppSec engineer that users agree with 95% of the time

With its transparent engine, fast performance, and LLM-friendly rule syntax, Semgrep is uniquely positioned to leverage AI and tackle AppSec's biggest challenges: false...

Chushi Li

Development

How we built an AppSec AI that security researchers agree with 96% of the time

Getting Semgrep Assistant to triage vulnerabilities with a 96% true positive accuracy was hard, but there were lots of learnings along the way. In this blog, we’ll dive into the...

Jack Moxon Seth Jaksik

Announcements

Less effort, more insight: Introducing Dependency Graph for Supply Chain

You cannot secure what you cannot see. Introducing Semgrep’s Dependency Graph: effortless visibility into your software supply chain. Empower AppSec teams to uncover and...

Cullen Harwood Aaron Acosta Leif Dreizler

Announcements

AppSec guides, not gates: Introducing secure guardrails with Semgrep

"Shift left" was popular, but has largely failed to deliver on its promises. For too many teams, it was a way to take the same old security tools and point the firehose of...

Isaac Evans

Announcements

Rapidly deploy code scans across your organization with Semgrep managed scanning

You can now roll out Semgrep at ludicrous speed without any manual, per-repo CI/CD configuration. Whether you have one repo or thousands of repos, It Just Works.

Pablo Estrada

Security

Overrated and underperforming: transitive reachability analysis

Due to complex dependency layers and static analysis limitations, transitive reachability analysis struggles to deliver actionable insights.

Kyle Kelly

Announcements

10x your AppSec program with Semgrep Assistant

Assistant helps both AppSec engineers and developers make the correct decisions faster, with far less cognitive load required. This means users only spend their time and...

Chushi Li

Welcome to the Semgrep blog

Take control of sensitive code without developer frustration

Announcing an AI AppSec engineer that users agree with 95% of the time

How we built an AppSec AI that security researchers agree with 96% of the time

Less effort, more insight: Introducing Dependency Graph for Supply Chain

AppSec guides, not gates: Introducing secure guardrails with Semgrep

Rapidly deploy code scans across your organization with Semgrep managed scanning

Overrated and underperforming: transitive reachability analysis

10x your AppSec program with Semgrep Assistant

Categories

Categories

Subscribe to our blog

Latest posts

Beyond vulnerabilities: Detect malicious dependencies in your supply chain

Giving AppSec a Seat at the Vibe Coding Table

Maturing Your Application Security Program Survey

London calling: Highlights from the 2025 cloud & cyber security expo

🚨 Popular GitHub Action tj-actions/changed-files is compromised

Upgrading Semgrep from OCaml 4 to OCaml 5

The Future of SaaS Security: AI-Driven, Fast, and Secure

Take control of sensitive code without developer frustration