Alerts and notifications
Receive notifications about reachable findings from your Semgrep Supply Chain scans.
Glossary of terms related to software composition analysis and Semgrep Supply Chain.
Prevent unwanted noise when scanning for dependency vulnerabilities by ignoring lockfiles or code files.
Scan your codebase's open source dependencies with Semgrep Supply Chain's high-signal rules that determine a vulnerability's reachability.
Learn how Semgrep leverages its engine to scan open source dependencies with high-signal rules.
Semgrep supports more than two dozen languages. Learn about generally available, beta, and experimentally supported languages.
Perform triage and remediation of dependency vulnerabilities through Semgrep Supply Chain.