Semgrep Product Updates

SBOM export (in public beta) is now supported on any repository that Semgrep Supply Chain scans. Users can export SBOM in CycloneDX v1.4 standard in JSON or XML format.
Learn more

Semgrep Supply Chain public API release; users can list all their Supply Chain Vulnerabilities and list all their Dependencies in a raw list or with respect to their repositories and lockfiles.

Semgrep Supply Chain can now find reachable vulnerabilities in C# dependencies. Along with C#, we also added lockfile-only support for PHP. Semgrep Supply Chain now supports C#, Go, Java, JavaScript, PHP, Python, Rust, and Ruby.

Use Semgrep’s plugin for IntelliJ products (AppCode, Aqua, CLion, DataSpell, DataGrip, GoLand, IntelliJ IDEA Ultimate, PhpStorm, PyCharm Professional, Rider, RubyMine, RustRover, WebStorm) to scan for Semgrep Code and Supply Chain vulnerabilities.

The findings page, in group by rule view, now has an assistant recommendation filter. When you filter to recommended ignores, we now show Assistant's explanation inline. Pressing 'Agree' there will automatically ignore the finding.

Learn more

Semgrep Assistant (Semgrep’s AI integration) now supports GitLab and GitLab self-managed. Check out the documentation.

Semgrep Code’s support for Rust is now GA (Checkout our 70+ new Pro rules for Rust).
Semgrep Code’s support for Swift is now beta (Checkout our 50+ new Pro rules for Swift).

Use the Jira, Asana, or Linear integration to create tickets for Semgrep Code and Supply Chain findings easily.