Semgrep Product Updates

Semgrep Assistant (Semgrep’s AI integration) can now categorize and tag findings based on the component they are found in. Users can use these tags to prioritize findings (only show findings related to user authentication, PII, etc.).

Learn more

Learn more

Semgrep's VSCode extension (v1.6.2+) can run natively on Windows. Semgrep Platform uses LSP.js as a way of supporting Semgrep on Windows.

Learn more

Go, Java, Javascript, and Typescript’s interfile analysis support is now GA. All cross-functional analysis language support is now GA.

Learn more

Users can now scan C# projects with Semgrep Code’s Pro Engine, leveraging advanced interfile analysis to uncover more complex vulnerabilities while reducing noise. 

SBOM export (in public beta) is now supported on any repository that Semgrep Supply Chain scans. Users can export SBOM in CycloneDX v1.4 standard in JSON or XML format.
Learn more

Semgrep Supply Chain public API release; users can list all their Supply Chain Vulnerabilities and list all their Dependencies in a raw list or with respect to their repositories and lockfiles.

Semgrep Supply Chain can now find reachable vulnerabilities in C# dependencies. Along with C#, we also added lockfile-only support for PHP. Semgrep Supply Chain now supports C#, Go, Java, JavaScript, PHP, Python, Rust, and Ruby.

Use Semgrep’s plugin for IntelliJ products (AppCode, Aqua, CLion, DataSpell, DataGrip, GoLand, IntelliJ IDEA Ultimate, PhpStorm, PyCharm Professional, Rider, RubyMine, RustRover, WebStorm) to scan for Semgrep Code and Supply Chain vulnerabilities.

The findings page, in group by rule view, now has an assistant recommendation filter. When you filter to recommended ignores, we now show Assistant's explanation inline. Pressing 'Agree' there will automatically ignore the finding.

Learn more