Training 201: Understanding Reachability on GitHub with Semgrep Supply Chain

November 28th, 2023

For security teams that want to detect and act on whether a vulnerable function within a vulnerable open source dependency is being used in their code, Semgrep Supply Chain’s reachability analysis cuts down the noise and helps prioritize such reachable security issues.

Join us as we cover: 

  • How open source dependency scanning tools have traditionally been ineffective at separating the noise from actionable findings in GitHub

  • What a reachable finding is in Semgrep Supply Chain

  • A demo showing how to prioritize security issues in GitHub-hosted repositories

David Whitlow
Semgrep
Head of Solutions Engineering