Home IconResource Hub

Semgrep’s Resource Hub

View Semgrep’s resources about finding bugs, running security scans in CI, and more to learn more about what our products can offer you.

SearchBox Icon
Featured Article
Blog Security We put GPT 4 in Semgrep to point out false positives & fix code We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool that many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason really well about this task. We also tried to have it automatically fix these findings, and its output is often correct.
Bence Nagy
Bence Nagy,
April 04, 2023
Semgrep Thumbnail
Semgrep Thumbnailplay-icon
Featured Video
Semgrep Code Tour
Go on a tour of Semgrep Code with Product Manager, Raghav Jain!
Raghav Jain
Raghav Jain,
April 20, 20232 mins min video
Featured Event
Semgrep on Tour
Join us for one of our upcoming Security Community Roadshow Events!
Semgrep On Tour
Featured Article
Blog Security We put GPT 4 in Semgrep to point out false positives & fix code We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool that many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason really well about this task. We also tried to have it automatically fix these findings, and its output is often correct.
Bence Nagy
Bence Nagy,
April 04, 2023
Semgrep Thumbnail
Semgrep Thumbnailplay-icon
Featured Video
Semgrep Code Tour
Go on a tour of Semgrep Code with Product Manager, Raghav Jain!
Raghav Jain
Raghav Jain,
April 20, 20232 mins min video
Featured Event
Semgrep on Tour
Join us for one of our upcoming Security Community Roadshow Events!
Semgrep On Tour
Featured Article
Blog Security We put GPT 4 in Semgrep to point out false positives & fix code We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool that many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason really well about this task. We also tried to have it automatically fix these findings, and its output is often correct.
Bence Nagy
Bence Nagy,
April 04, 2023
Semgrep Thumbnail
Semgrep Thumbnailplay-icon
Featured Video
Semgrep Code Tour
Go on a tour of Semgrep Code with Product Manager, Raghav Jain!
Raghav Jain
Raghav Jain,
April 20, 20232 mins min video
Featured Event
Semgrep on Tour
Join us for one of our upcoming Security Community Roadshow Events!
Semgrep On Tour
AllSolutionsBlogVideosEventsPDFs

Browse by Solutions

pencil-diamond-green

Community Rules

pencil-diamond-green

Semgrep OSS

pencil-diamond-green

Pro Rules

engine-dark

Semgrep Pro Engine

Showing 20 of 128 results for ""

Blog

Blog Card - image
Announcements
October 04, 2022
It's time to ignore 98% of dependency alerts. Introducing Semgrep Supply Chain.
Adam Berman
Adam Berman
PromQL
Security
August 08, 2023
Guardrails for PromQL using Semgrep
Michael Hoffman -1
Michael Hoffmann
gpt4-1
Security
April 04, 2023
We put GPT-4 in Semgrep to point out false positives & fix code
Bence Nagy
Bence Nagy
Blog Thumbnail 11 (1)
Announcements
June 06, 2023
Unlocking advanced security for all: Semgrep’s latest update
Luke O'Malley
Luke O'Malley
xml-java
Security
January 17, 2023
XML Security in Java
Pieter De Cremer
Pieter De Cremer
birth of Semgrep Pro Engine feature image
Development
April 10, 2023
The birth of Semgrep Pro Engine
Emma JinColleen Dai
Colleen Dai,Emma Jin
semgrep placeholder image
Security
June 19, 2020
Hardcoded secrets, unverified tokens, and other common JWT mistakes
Vasilii Ermilov
Vasilii Ermilov

Videos

announcing-semgrep-codeplay-icon
Security
Management
Announcing Semgrep Code

Semgrep co-founders Isaac Evans and Luke O’Malley announce the latest from Semgrep: Semgrep Code, powered by Pro Engine and Pro rules.

Isaac and Luke share stories about the early days of Semgrep, the impact of Artificial Intelligence and Machine Learning on security engineers, and their vision for the future of the security industry.

To learn more, visit: get.semgrep.dev/product-tour

Isaac EvansLuke O'Malley
Luke O'Malley,Isaac Evans
February 16, 2023
Coding with Manicodeplay-icon
Clint Collabs with Jim Manico: How to Prevent Broken Access Controls

Watch this recording to learn tips and tricks about how to prevent Broken Access Control from entering your code with Clint Gibler, Creator of tl;dr sec, and Jim Manico, Founder of Manicode.

Clint Gibler
Clint Gibler
March 16, 202361 min video
semgrep placeholder imageplay-icon
Semgrep Pro Engine Tour

Take a tour of Semgrep's new Pro Engine with Product Manager, Milan Williams. Semgrep Pro Engine is our new advanced analysis system uniquely designed to refine and enhance your results.

Milan explains the two core concepts behind the powerful Semgrep Pro Engine - interfile analysis and dataflow analysis - and how they work together to reduce noise and add explainability for better results.

To learn more, visit: semgrep.dev/products/pro-engine

Milan Williams
Milan Williams
February 16, 20233 min video
semgrep placeholder imageplay-icon
Reachability analysis in Semgrep Supply Chain

Bence Nagy, Senior Software Engineer, explains 'reachability', a core concept of Semgrep Supply Chain. Semgrep Supply Chain helps you fix the security issues caused by your dependencies, but without flooding you with alerts.

So let's look at what reachability analysis is, and how it lets you prioritize the 2% of alerts that count!

To learn more, visit: semgrep.dev/product/semgrep-supply-chain

Bence Nagy
Bence Nagy
October 04, 2022
semgrep placeholder imageplay-icon
Semgrep Code Tour

Go on a tour of Semgrep Code with Product Manager, Raghav Jain!

Teams looking to build a scalable SAST program with the customizability and speed of the Semgrep open-source engine can now enjoy the extended functionality you get with Semgrep Code. With Semgrep Code, you'll get:

- a more powerful code analysis

- developer workflow integrations,

- and necessary feedback loops to ensure that vulnerabilities are not just detected but actually get fixed.

Check out how Semgrep Code works!

To learn more, visit: semgrep.dev/products/semgrep-code

Raghav Jain
Raghav Jain
February 13, 20232 min video

Events

Introduction to Semgrep Supply Chain

On-DemandGlobal

Training 101: Intro to Semgrep Supply Chain

Learn more about Semgrep Supply Chain and how you can quickly scan for reachable vulnerabilities in your code.

Image says: Building an Application Security ProgramSeptember 29, 2023

VirtualGlobal

Building An Application Security Program, Level 1

Building An Application Security Program, with host Tanya Janca

Semgrep On Tour

In-PersonUS & Canada

Semgrep on Tour

Join us for a hands-on workshop covering everything from easily writing custom rules to scanning for code and open source dependencies.

How Merge finds and fixes vulnerabilities that matter

On-DemandGlobal

How Merge finds and fixes vulnerabilities that matter

For the team at Merge.dev, they use Semgrep to easily triage and action on new vulnerabilities in their code. 

Understanding Reachability on Github

On-DemandGlobal

Training 201: Understanding Reachability on Github with Semgrep Supply Chain

Semgrep Supply Chain’s reachability analysis cuts down the noise and helps prioritize such reachable security issues.

Intro to Pro Engine

On-DemandGlobal

Training 101: Intro to Pro Engine

Semgrep Pro Engine further enables teams by allowing them to analyze code across files using taint analysis, constant propagation, and other advanced analysis methods. 

PDFs

pdf
Semgrep Supply Chain Solution BriefSCA solution briefView PDF view pdf
pdf
Semgrep Code Solution BriefLorem ipsum dolor sit amet, consectetur adipiscing elit. View PDF view pdf

Subscribe to our events newsletter

Don’t miss out on upcoming Semgrep events

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Semgrep Logo

Code analysis at ludicrous speed

Products

Semgrep Code
Semgrep Supply Chain
Semgrep Cloud Platform
Semgrep Pro Engine

Community

Blog

Resources

Docs
ROI Calculator
Pricing
Getting Started With Semgrep
Registry
Playground
Book a demo
Help Center

Company

About
Careers
Contact us
Twitter-logo-greenSlack-logo-greenGitHub-logo-greenYoutube-logo-green

© 2023 Semgrep, Inc. Semgrep is a registered trademark of Semgrep, Inc.

TermsPrivacy