- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Fix vulnerabilities in open source dependencies and block malware
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Workflows
  Build and deploy security pipelines that combine static analysis with AI at scale
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
- Secure Vibe Coding
  Secure your code, no matter who (or what) writes it.
- Open-Source Malware Protection
  Protect against software supply chain attacks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
- Secure Guardrails
  Protect Your Code with Secure Guardrails
- Fintech
  Mitigate software supply chain risks
- SaaS & Cloud
  Increase security while accelerating development
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
- Community Edition
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Customer Success Story

How Tide transitioned to developer-first security

Democratized security with the help of security champions and developers
Reduced noise in detecting supply chain vulnerabilities by 80% using Semgrep's reachability analysis
Achieved 100% fix rate for issues found using Semgrep's custom rules

In this video case study, Devyani Vij, Sr. Product Security Engineer at Tide, discusses how enables her team to deploy a secure SDLC model that empowers developers to understand security issues and make long term improvements to their coding decisions.

Devyani talks about:

Embedding tools in the SDLC process so that each step of SDLC is secured
Choosing security products that are developer-first
Successfully implementing a Security Champions program, democratizing security and fostering its widespread adoption
Reducing false positives in Software Composition Analysis (SCA) by 80% using Semgrep Supply Chain’s reachability analysis
Achieving a remarkable 100% fix rate using Semgrep Code’s (SAST) custom rules
Leveraging Semgrep Assistant, an AI-powered tool, for enhanced understanding and efficient remediation of vulnerabilities.
Implementing Semgrep’s IDE extensions to proactively address security concerns at an early stage, thereby promoting shift-left approach.

Watch the detailed conversation on YouTube.

How Tide transitioned to developer-first security

Share

Dive deeper into or continue reading our featured posts.

Mythos: Bad Takes, Facts, and Fear

Will there be more security engineers in the future, or fewer?

Introducing Semgrep Custom Workflows

Find and fix the issues that matter before build time