Customer Success Story

How Tide transitioned to developer-first security

  • Democratized security with the help of security champions and developers

  • Reduced noise in detecting supply chain vulnerabilities by 80% using Semgrep's reachability analysis

  • Achieved 100% fix rate for issues found using Semgrep's custom rules

Tide white

In this video case study, Devyani Vij, Sr. Product Security Engineer at Tide, discusses how enables her team to deploy a secure SDLC model that empowers developers to understand security issues and make long term improvements to their coding decisions.

Devyani talks about:

  • Embedding tools in the SDLC process so that each step of SDLC is secured

  • Choosing security products that are developer-first

  • Successfully implementing a Security Champions program, democratizing security and fostering its widespread adoption

  • Reducing false positives in Software Composition Analysis (SCA) by 80% using Semgrep Supply Chain’s reachability analysis

  • Achieving a remarkable 100% fix rate using Semgrep Code’s (SAST) custom rules

  • Leveraging Semgrep Assistant, an AI-powered tool, for enhanced understanding and efficient remediation of vulnerabilities.

  • Implementing Semgrep’s IDE extensions to proactively address security concerns at an early stage, thereby promoting shift-left approach.

Watch the detailed conversation on YouTube.


Semgrep Logo

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.

Get started in minutesBook a demo