- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Fix vulnerabilities in open source dependencies and block malware
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Workflows
  Build and deploy security pipelines that combine static analysis with AI at scale
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
- Secure Vibe Coding
  Secure your code, no matter who (or what) writes it.
- Open-Source Malware Protection
  Protect against software supply chain attacks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
- Secure Guardrails
  Protect Your Code with Secure Guardrails
- Fintech
  Mitigate software supply chain risks
- SaaS & Cloud
  Increase security while accelerating development
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
- Community Edition
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

False Positive Challenge

Switch Off the Noise

Semgrep Multimodal automatically triages false positives for you at human-level accuracy: users agree with triage decisions 96% of the time.

TL;DR: Semgrep does a ton of work for you, and it's accurate enough to be trusted with that work.

Here's your challenge: can you outsmart Multimodal and find an incorrectly labeled false positive?

Take the challenge

How to particpate

Take the challenge in 10 minutes

Sign up for a free Semgrep account

Get started with our free tier and access everything you'll need for the challenge.

Run a scan with Semgrep Managed Scanning

Run a scan on at least one repository with Semgrep Managed Scanning - local scans won't work.

Run Multimodal Auto-triage

Run Multimodal's AI analysis on your scan results. You can also schedule a call with one of our product experts to walk you through how to do this.

Find a mistake and get your Switch 2!

We'll schedule a short call so you can walk our team through the false positive. Have fun with your new Switch 2!

False positives commonly filtered out by Semgrep Multimodal Auto-triage

Data source is trusted

”This url is constructed from data controlled by Acme Corp.”

“The FooBar service is trusted.”

"This is an internal service fully controlled by Acme Corp."

Taint data is sanitized

“At ACME Corp, functions with cleanse, sanitize, or clean in the name (like utils.clean) indicate user-controlled data has been properly sanitized.”

Code not exposed to attackers

“FooBar project only contains development credentials. If a finding flags credentials from this project, ignore it unless they are production-related."

How to claim your prize

Get your Nintendo Switch!

Identify an incorrectly labeled false positive.
Send the finding details to zerofalsepositives@semgrep.com
We'll set up a call so you can walk us through your finding.
If it qualifies, we'll mail you your new Switch 2!

Ready to switch off the noise? Start scanning today.

Take the challenge