Sign InProduct SupportContact Us
SCA Background
Resource Hub

Semgrep Resource Hub

Learn about finding vulnerabilities, running security scans in CI, customizing the developer experience, and more.

SearchBox Icon
Featured Article
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Photo by Andrik Langfield on Unsplash
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Featured Event
Building a Successful Security Champions Program: What Does it Take?
Join us for an insightful and interactive event, "Building a Successful Security Champions Program: What Does it Take?" where you'll have the opportunity to learn from a panel of experienced AppSec veterans, Chris Romeo, Dustin Lehr, Devin Rudnicki, Ray LeBlanc and host Tanya Janca, who have successfully implemented security champions programs.
Default Blog Thumbnail
Featured Article
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Photo by Andrik Langfield on Unsplash
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Featured Event
Building a Successful Security Champions Program: What Does it Take?
Join us for an insightful and interactive event, "Building a Successful Security Champions Program: What Does it Take?" where you'll have the opportunity to learn from a panel of experienced AppSec veterans, Chris Romeo, Dustin Lehr, Devin Rudnicki, Ray LeBlanc and host Tanya Janca, who have successfully implemented security champions programs.
Default Blog Thumbnail
Featured Article
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Photo by Andrik Langfield on Unsplash
Comparing Reachability Analysis methods: Semgrep's distinct approach
In this blog post, we'll go over the different methods of reachability analysis, the pros and cons of each, and why we think Semgrep's is the most effective and pragmatic when it comes to prioritizing software supply chain vulnerabilities.
Kyle Kelly
Kyle Kelly,
January 17, 2024
Featured Event
Building a Successful Security Champions Program: What Does it Take?
Join us for an insightful and interactive event, "Building a Successful Security Champions Program: What Does it Take?" where you'll have the opportunity to learn from a panel of experienced AppSec veterans, Chris Romeo, Dustin Lehr, Devin Rudnicki, Ray LeBlanc and host Tanya Janca, who have successfully implemented security champions programs.
Default Blog Thumbnail
AllSolutionBlogVideosEventsSolution briefs

Browse by Solution

pencil-diamond-green

Community Rules

pencil-diamond-green

Semgrep OSS

pencil-diamond-green

Pro Rules

engine-dark

Semgrep Pro Engine

Showing 22 of 167 results for ""

Blog

View all blog posts
semgrep rule feature image
Best practices
January 29, 2024
Enhancing developer happiness: The impact of identifying code-specific issues
Pieter De Cremer
Pieter De Cremer
Semgrep secrets featured image
Announcements
October 24, 2023
Go beyond regex: introducing Semgrep Secrets
Raghav Jain
Raghav Jain
Photo by Andrik Langfield on Unsplash
Security
January 17, 2024
Comparing Reachability Analysis methods: Semgrep's distinct approach
Kyle Kelly
Kyle Kelly
gpt4-1
Security
April 04, 2023
We put GPT-4 in Semgrep to point out false positives & fix code
Bence Nagy
Bence Nagy
PromQL
Security
August 08, 2023
Guardrails for PromQL using Semgrep
Michael Hoffman -1
Michael Hoffmann
Blog Card - image
Announcements
October 04, 2022
It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.
Adam Berman
Adam Berman
birth of Semgrep Pro Engine feature image
Development
April 10, 2023
The birth of Semgrep Pro Engine
emma jin headshotcolleen dai headshot
Colleen Dai,Emma Jin
xml-java
Security
January 17, 2023
XML Security in Java
Pieter De Cremer
Pieter De Cremer

Videos

View all videos
Coding with Manicodeplay-icon
Clint Collabs with Jim Manico: How to Prevent Broken Access Controls

Watch this recording to learn tips and tricks about how to prevent Broken Access Control from entering your code with Clint Gibler, Creator of tl;dr sec, and Jim Manico, Founder of Manicode.

Clint Gibler
Clint Gibler
March 16, 202361 min video
semgrep placeholder imageplay-icon
Semgrep Code Tour

Go on a tour of Semgrep Code with Product Manager, Raghav Jain!

Teams looking to build a scalable SAST program with the customizability and speed of the Semgrep open-source engine can now enjoy the extended functionality you get with Semgrep Code. With Semgrep Code, you'll get:

- a more powerful code analysis

- developer workflow integrations,

- and necessary feedback loops to ensure that vulnerabilities are not just detected but actually get fixed.

Check out how Semgrep Code works!

To learn more, visit: semgrep.dev/products/semgrep-code

Raghav Jain
Raghav Jain
February 13, 20232 min video
semgrep placeholder imageplay-icon
Semgrep Pro Engine Tour

Take a tour of Semgrep's new Pro Engine with Product Manager, Milan Williams. Semgrep Pro Engine is our new advanced analysis system uniquely designed to refine and enhance your results.

Milan explains the two core concepts behind the powerful Semgrep Pro Engine - interfile analysis and dataflow analysis - and how they work together to reduce noise and add explainability for better results.

To learn more, visit: semgrep.dev/products/pro-engine

Milan Williams
Milan Williams
February 16, 20233 min video
announcing-semgrep-codeplay-icon
Security
Management
Announcing Semgrep Code

Semgrep co-founders Isaac Evans and Luke O’Malley announce the latest from Semgrep: Semgrep Code, powered by Pro Engine and Pro rules.

Isaac and Luke share stories about the early days of Semgrep, the impact of Artificial Intelligence and Machine Learning on security engineers, and their vision for the future of the security industry.

To learn more, visit: get.semgrep.dev/product-tour

Isaac EvansLuke O'Malley
Luke O'Malley,Isaac Evans
February 16, 2023
semgrep placeholder imageplay-icon
Reachability analysis in Semgrep Supply Chain

Bence Nagy, Senior Software Engineer, explains 'reachability', a core concept of Semgrep Supply Chain. Semgrep Supply Chain helps you fix the security issues caused by your dependencies, but without flooding you with alerts.

So let's look at what reachability analysis is, and how it lets you prioritize the 2% of alerts that count!

To learn more, visit: semgrep.dev/product/semgrep-supply-chain

Bence Nagy
Bence Nagy
October 04, 2022

Events

View all events
Philip Ayoub Headshot

On-DemandGlobal

How Yext built a vulnerability management program from scratch using Semgrep

In this webinar, Philip Ayoub, Application Security Engineer at Yext, discusses how he built tooling for vulnerability management from scratch using Semgrep and Snowflake.

Watch On-Demand
Andy Huang Headshot

On-DemandGlobal

Training 101: Intro to Semgrep Supply Chain

Learn more about Semgrep Supply Chain and how you can quickly scan for reachable vulnerabilities in your code.

Watch On-Demand
Chris Hughes clint collabs headshots

WebinarGlobal

Clint Collabs: Chris Hughes and Securing your Software Supply Chain

Join our next Clint Collab session as we interview Chris Hughes on Securing your Software Supply Chain

RSVP Now
David Whitlow Headshot

On-DemandGlobal

Training 201: Understanding Reachability on GitHub with Semgrep Supply Chain

Semgrep Supply Chain’s reachability analysis cuts down the noise and helps prioritize such reachable security issues.

Watch On-Demand
Jacob Brackett Headshot

On-DemandGlobal

How Merge finds and fixes vulnerabilities that matter

For the team at Merge.dev, they use Semgrep to easily triage and action on new vulnerabilities in their code. 

Watch On-Demand
Milan Williams Headshot

On-DemandGlobal

Training 101: Intro to Pro Engine

Semgrep Pro Engine further enables teams by allowing them to analyze code across files using taint analysis, constant propagation, and other advanced analysis methods. 

Watch On-Demand

Solution briefs

pdf
Semgrep Supply Chain Solution BriefSCA solution briefView PDF
pdf
Semgrep Code Solution BriefSemgrep Code Solution BriefView PDF
pdf
Semgrep Secrets Solution BriefSemgrep Secrets Solution BriefView PDF
Semgrep Logo

Make shift left work

4.5 Stars

Products

Semgrep Code
Semgrep Supply Chain
Semgrep AppSec Platform
Semgrep Pro Engine

Community

Blog

Resources

Docs
ROI Calculator
Pricing
Getting Started With Semgrep
Registry
Playground
Book a demo
Help Center

Company

About
Careers
Contact us
Twitter-logo-greenSlack-logo-greenGitHub-logo-greenYoutube-logo-green

© 2024 Semgrep, Inc. Semgrep is a registered trademark of Semgrep, Inc.

TermsPrivacy