
September 2023 release notes

Info
  • Moving forward, these release notes cover the following products:
    • Semgrep Cloud Platform
    • Semgrep Code
    • Semgrep Supply Chain
    • Semgrep Assistant (beta)
    • Semgrep documentation and knowledge base
  • Refer to Semgrep OSS release notes in Semgrep GitHub > Releases as the source of truth for OSS releases.

Private beta sign-ups

  • Semgrep Secrets is a code scanner that detects exposed API keys, passwords, and other credentials. Sign up for the private beta by filling out the Semgrep Secrets Beta form.
  • Semgrep Supply Chain SBOM (software bill of materials) enables you to export a list of dependencies in the CycloneDX 1.4 XML/JSON format. Sign up for the private beta by filling out the SSC SBOM Export form.

🔧 Semgrep OSS Engine

๐ŸŒ Semgrep Cloud Platformโ€‹

Added

  • UX: Added a new onboarding flow. This onboarding flow streamlines the following steps to ensure that users are able to quickly set up Semgrep scans:
    • Deployment creation. The Semgrep team has made improvements to Semgrep account creation and connecting your source code manager, such as GitHub or GitLab.
    • Onboarding checklist. This helps you troubleshoot and resolve any issues early on in your journey.
    • Tour of features. Make the most of your Semgrep experience by learning what features are available to you.
  • Logging into Semgrep Cloud Platform through the CLI associates your CLI user ID to your Semgrep Cloud Platform account. See the Anonymous User ID section for more details.

Changed

  • SCM configuration: Improved the Delete message when deleting SCMs, so that you are aware of the implications of removing an SCM. Many major Semgrep features rely on a connection with your source code manager, so take care when deleting SCMs.
  • GitHub: Semgrep no longer automatically associates a new user's Semgrep organization with their personal GitHub account. New users can still connect their Semgrep organization with their personal account.

Fixed

  • GitLab: Fixed the GitLab CI sample configuration file to help users onboard GitLab repositories more clearly. In particular, the configuration file now includes the GITLAB_TOKEN environment variable, which was previously only in the docs.
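The shape of the GitLab CI job that the corrected sample configuration describes, shown here as an added example rather than the page's own file: it runs `semgrep ci` on merge requests and on pushes to the default branch, and passes both tokens in from CI/CD variables. The variable names `SEMGREP_APP_TOKEN` and `PAT`, and the image name, are assumptions about the reader's project settings.

```yaml
# Added example of a GitLab CI job for Semgrep (not the page's own sample file).
# Assumes SEMGREP_APP_TOKEN and PAT are defined as masked, protected CI/CD
# variables in the project settings; token values never belong in this file.
semgrep:
  image: semgrep/semgrep          # assumed image name
  script: semgrep ci
  rules:
    # Merge requests get a diff-aware scan; default-branch pushes get a full scan.
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  variables:
    # Authenticates the scan to Semgrep Cloud Platform.
    SEMGREP_APP_TOKEN: $SEMGREP_APP_TOKEN
    # GitLab token Semgrep uses to post findings as merge request comments;
    # this is the variable that was previously only mentioned in the docs.
    GITLAB_TOKEN: $PAT
```

Keep `GITLAB_TOKEN` scoped to what posting merge request comments requires, store it as a masked and protected variable so it is not echoed into job logs, and rotate it on the same schedule as other CI credentials.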
  • Fixed a timeout issue when syncing large numbers (15,000+) of GitHub repositories in Semgrep Cloud Platform.
  • Fixed performance issues when synchronizing Semgrep Cloud Platform Projects with their corresponding GitHub repositories.

💻 Semgrep Code

Changed

  • Findings page: By default, the findings page now displays findings from default (trunk or main) branches. You can customize this filter by selecting a value from the Branch drop-down menu.

Fixed

  • Various UX/UI bugfixes in the Findings page.

โ›“๏ธ Semgrep Supply Chainโ€‹

Added

  • Filtering: Allow users to select more than one branch at a time.

🤖 Semgrep Assistant (beta)

Added

  • GitLab: Semgrep Assistant now supports GitLab cloud hosted and self-managed repositories.
  • Findings page: Semgrep Assistant verdicts now appear in the Findings page when Assistant recommends that a finding be Ignored.
    (Figure: sample finding entry with a Semgrep Assistant verdict)
  • Finding Details page: For findings with autofixes, the finding's detail page now links to the PR comment containing the autofix, because the PR comment lets you commit the autofix directly.

Fixed

  • GitLab: Fixed a bug in which comments were not appearing on GitLab.com cloud-hosted repositories.

๐Ÿ“ Documentation and knowledge baseโ€‹

Added

Changed

Removed

  • Semgrep CLI autocomplete documentation has been removed.