Skip to main content

September 2023

ยท 5 min read

The following updates were made to Semgrep in September 2023.

info
  • Moving forward, these release notes cover the following products:
    • Semgrep Cloud Platform
    • Semgrep Code
    • Semrep Supply Chain
    • Semgrep Assistant (beta)
    • Semgrep documentation and knowledge base
  • Refer to Semgrep OSS release notes in Semgrep GitHub > Releases as the source of truth for OSS releases.

Private beta sign-upsโ€‹

  • Semgrep Secrets is a code scanner that detects exposed API keys, passwords, and other credentials. Sign up for the private beta by filling out the Semgrep Secrets Beta form.
  • Semgrep Supply Chain SBOM (software bill of materials) enables you to export a list of dependencies in the CycloneDX 1.4 XML/JSON format. Sign up for the private beta by filling out the SSC SBOM Export form.

๐Ÿ”ง Semgrep OSS Engineโ€‹

๐ŸŒ Semgrep Cloud Platformโ€‹

Addedโ€‹

  • UX: Added a new onboarding flow. This onboarding flow streamlines the following steps to ensure that users are able to quickly set up Semgrep scans:
    • Deployment creation. The Semgrep team has made improvements to Semgrep account creation and connecting your source code manager, such as GitHub or GitLab.
    • Onboarding checklist. This helps you troubleshoot and resolve any issues early on in your journey.
    • Tour of features. Make the most of your Semgrep experience by learning what features are available to you.
  • Logging into Semgrep Cloud Platform through the CLI associates your CLI user ID to your Semgrep Cloud Platform account. See the Anonymous User ID section for more details.

Changedโ€‹

  • SCM configuration: Improved the Delete message when deleting SCMs, so that you are aware of the implications of removing an SCM. Many major Semgrep features rely on a connection with your source code manager, so take care when deleting SCMs.
  • GitHub: Semgrep no longer automatically associates a new user's Semgrep organization with their personal GitHub account. New users can still connect their Semgrep organization with their personal account.

Fixedโ€‹

  • GitLab: Fixed the GitLab CI sample configuration file to help users onboard GitLab repositories more clearly. In particular, the configuration file now includes the GITLAB_TOKEN environment variable, which was previously only in the docs.
  • Fixed a timeout issue when syncing large numbers (15,000+) of GitHub repositories in Semgrep Cloud Platform.
  • Fixed performance issues when synchronizing Semgrep Cloud Platform Projects with their corresponding GitHub repositories

๐Ÿ’ป Semgrep Codeโ€‹

Changedโ€‹

  • Findings page: By default, the findings page now displays findings from default (trunk or main) branches. You can customize this filter by selecting a value from the Branch drop-down menu.

Fixedโ€‹

  • Various UX/UI bugfixes in the Findings page.

โ›“๏ธ Semgrep Supply Chainโ€‹

Addedโ€‹

  • Filtering: Allow users to select more than one branch at a time.

๐Ÿค– Semgrep Assistant (beta)โ€‹

Addedโ€‹

  • GitLab: Semgrep Assistant now supports GitLab cloud hosted and self-managed repositories.
  • Findings page: Semgrep Assistant verdicts now appear in the Findings page if Assistant recommends that the finding should be Ignored. Sample finding entry with Semgrep Assistant verdict
  • Finding Details page: For findings with autofixes, the finding's detail page includes a link to the PR comment with the autofix since the PR comment allows for directly committing the autofix.

Fixedโ€‹

  • GitLab: Fixed a bug in which comments were not appearing on GitLab.com cloud-hosted repositories.

๐Ÿ“ Documentation and knowledge baseโ€‹

Addedโ€‹

Changedโ€‹

Removedโ€‹

  • Semgrep CLI autocomplete documentation has been removed.