A fast, open-source, static analysis tool for profoundly improving software security and reliability.

only on your local machine
We're thrilled to announce our partnership with @Replit to bring you Secure Vibe Coding. Now you can scan, find, and fix vulnerabilities before you deploy — all in your browser. Code faster, code smarter, and ship with confidence. Why It Matters: 🔍 Real-time vulnerability scanning during development ⚡️ Instant fixes for secure deployment 🔗 Seamless integration with Replit’s collaborative coding environment Better Together: With Replit’s intuitive platform and Semgrep’s powerful security scanning, you can build securely, ship confidently, and vibe code without compromise. 👉 Learn More → semgrep.dev/blog/2025/replit… #AppSec #DevSecOps #SecureCoding #CodeSecurity #ShiftLeft #Cybersecurity #SecureVibeCoding
6
27
171
83,691
🥳 Big news: we’re launching Semgrep Supply Chain to find reachable vulnerable dependencies in your code. We’ve seen teams struggle w/ dependency vulnerabilities and heard software composition analysis (SCA) tools are “false positive factories.” r2c.dev/blog/2022/introducin… 🧵 1/4
5
54
139
🚨A very popular GitHub Action, tj-actions/changed-files, has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. If you’re using this action, we recommend you stop using it immediately. More here including how to search across all the GitHub Actions used in your org: semgrep.dev/blog/2025/popula…
3
66
129
37,338
We are thrilled to announce that @wehackpurple is joining forces with Semgrep! Tanya Janca, @shehackspurple, has trained thousands of AppSec professionals and built an amazing community—with Semgrep she’ll continue that great work. Read more here: go.semgrep.dev/47dJxiJ
8
15
72
35,053
🥳 Big news today! We’ve raised $53M in Series C funding, led by @lightspeedvp and with the support of @felicis, @redpoint and @sequoia. More from our CEO, @0xine: semgrep.dev/blog/2023/series…
10
16
74
31,926
⭐ Semgrep just passed 2,000 GitHub stars, yay! 📣 Today we’re thrilled to introduce Semgrep Community and announce our Series A funding from @redpointvc and @sequoia. 🙏 Thanks to all who’ve supported us along the way. We’re grateful and humbled. More: r2c.dev/blog/2020/introducin…
1
18
65
🤔 How can you prove your web app doesn’t have XSS? 🤖 Check out these new cheat sheets for Django, Flask, Java/JSP, and Rails. Each includes a single Semgrep command to scan your code for XSS issues. 📓 Instructions on how to run them: r2c.dev/blog/2021/xss-cheat-…
2
31
65
🔥 Semgrep is officially live on Cursor! You can now harness the power of @semgrep directly in your AI coding assistant, combining fast, accurate static analysis with LLMs to help developers ship code that’s secure from the start, fast. From securing code at leading AI companies to joining the @cursor_ai tools ecosystem, Semgrep is becoming essential for dev-first security in the modern stack. Shoutout to our team for making this integration happen, and to our customers, partners, and community for pushing us forward 🚀 docs.cursor.com/tools/mcp #Cursor #AppSec #DeveloperTools #SecureCoding #LLM #StaticAnalysis
1
9
54
11,075
In case you missed it — Hardcoded secrets, unverified tokens, and other common JWT mistakes: @ermil0v shares what he learned from bug-hunting 2,000 npm modules: r2c.dev/blog/2020/hardcoded-…
1
12
49
Community member spotlight on.... Marco Ivaldi, aka @0xdea! We retweeted a blog post he wrote earlier this week on pen testing binaries with Semgrep, but he's also written a wealth of C++ rules (35!) to catch vulnerabilities: security.humanativaspa.it/se… THANK YOU, @0xdea!! #cpp
2
10
49
🤖 Semgrep: now augmented with AI We’re excited to announce the private beta of Semgrep Assistant. Learn how we're using GPT to reduce noise and auto-fix bugs, making it even easier to ship secure code quickly 🧵 go.semgrep.dev/3ZEJFCQ
3
16
49
17,365
🗣Thanks to @RomainJufer, CSO of @avnu_fi, experimental support for Cairo 1.0 has been added to the Semgrep arsenal! Learn more about it here: go.semgrep.dev/3WPVeqT
1
8
37
8,854
🆕 The full power of Semgrep is now available in GitLab! 🤝 Our collab with @gitlab makes Semgrep the GitLab SAST analyzer for JS/TS and Python (& more coming)! ➕ Discuss findings in merge requests, access the rule registry, and add custom rules. 👉 r2c.dev/blog/2021/introducin…
12
40
Two weeks ago we unveiled Semgrep’s integration into GitLab SAST, and today we’re excited to share more news: 🙌 We raised a $27M Series B led by @felicis and also with @redpointvc and @sequoia. Honored to be on your team, @asenkut! More from our CEO: r2c.dev/blog/2021/r2c-series…
13
32
We’re excited to mark a big milestone for Semgrep! 1️⃣ ☝️ 🐣 Announcing the release of Semgrep v1.0! Developing Semgrep has been quite a journey, and we’re humbled by and grateful for the support of the security community. 🙇 On releasing Semgrep 1.0: r2c.dev/blog/2022/semgrep-re…
17
27
🏎️ ‍💨🌟 Look at that velocity!! Semgrep is a mere 100 stars away from overtaking SonarQube on @github! Can you help us get over the line? 🌟 #askYourBarista #askYourDog #over7kStars!
1
3
29
🎙️ "I think of InfoSec roles these days as very similar to an artist, where you have to have a portfolio of work—even if you haven’t had a job yet." — @Jhaddix, @arcanuminfosec In this clip, Jason shares his top advice for breaking into security: 🔹 Build a portfolio through CTFs, online certs & hands-on platforms 🔹 Fill your resume with real-world learning 🔹 Explore starter roles like SOC1, GRC, vuln mgmt, or junior pentesting Watch the full RSAC interview with @Jhaddix and @clintgibler to learn more 👉 piped.video/VsiX-RPoBj4?feature… #AppSec #InfoSec #Cybersecurity #RSAC2025 #Security
8
31
3,470
🎉 Today marks a major milestone at Semgrep— we’re excited to announce that Semgrep has secured $100M in Series D funding! 🚀 This milestone, led by @MenloVentures with support from our amazing investors. With this boost, we’re more committed than ever to revolutionizing the cybersecurity landscape. 👉 Learn more here: prnewswire.com/news-releases… #appsec #cybersecurity #infosec #devops #ai #staticanalysis
4
11
29
7,300
“I’m here because I’m really excited about the product you’re building!” Thanks @manicode for stopping by the Semgrep HQ to say hi 💕
2
2
27
🚅 Semgrep’s philosophy has been to work on a single file at a time, making it lightweight and fast. 📂 But what if you need to uncover bugs that exist deep inside your code by analyzing across multiple files? 👉 Now you can. Introducing DeepSemgrep: r2c.dev/blog/2022/introducin…
9
29
Recently @trailofbits wrote custom Semgrep rules to detect pesky goroutine leaks. Now they’ve published all their rules to the Semgrep Registry, and you can scan your code with them, too! Run them locally on your code or drop into your CI environment: semgrep.dev/p/trailofbits
11
29
🥳 Big news: Today we’re announcing Semgrep Code, an extension to Semgrep open source that lowers noise and expands security coverage, and ultimately helps find and fix more relevant vulnerabilities in your code. semgrep.dev/blog/2023/announ…
1
6
25
5,405
👋 We’re rather stoked to share new Semgrep goodies with you: 📣 Developer Feedback: see what developers think about rules in their workflow ✍️ Editor: a new place to create, test, and share rules 🚤 Support for 7 new languages and 2x faster scans 📓: r2c.dev/blog/2022/semgreps-f…
1
5
23
We're thrilled to introduce our new Semgrep ruleset for smart contracts. Special thanks to @DecurityHQ for the incredible contributions 🙌. Check out the ruleset here: semgrep.dev/p/smart-contract…
4
20
6,192
🔎 Scan your Java projects for exposure to the Spring4Shell vulnerability using Semgrep: semgrep --config s/dduarte:cve-2022-22965 🤝 Many thanks to community contributor @duarteduarte0 for quickly writing and updating this Semgrep rule! 🔗 Playground: semgrep.dev/s/dduarte:cve-20…
11
22
We love stories with details of how people build a security program from scratch. Here’s a great guide from @anshuman_bh on going from zero to one and what it means to be the founding AppSec engineer: anshumanbhartiya.com/posts/b…
1
6
21
📋 Our first ruleset for GitHub Actions scans workflow files for security issues. 🔎 Read more about the impact of a compromised GitHub Action and what the Semgrep ruleset looks for: r2c.dev/blog/2021/protect-yo… (also includes links to research from the GitHub Security Lab)
5
20
Last week we announced our Series A funding and Semgrep Community 🎉. But also! @clintgibler joined us, and we’re supremely stoked about that 🤩 You may know Clint from his newsletter, tl;dr sec. Clint shares his thoughts on the future of AppSec here: r2c.dev/blog/2020/future-of-…
1
19
☕ Got Java projects? Do yourself a favor and scan them for this week’s big Log4j vulnerability. 🤝 The Semgrep community already wrote a rule for it. 🔎 Here’s the one-liner: docker run --rm -v “${PWD}:/src” returntocorp/semgrep --config s/chegg:log4j2_tainted_argument
7
20
If you missed the @trailofbits 'Introduction to Semgrep' webinar, we have good news! The recording is now available and covers basic and advanced usage, integration of Semgrep into continuous testing processes, and how to introduce the tool into your SDLC. go.semgrep.dev/4blFZgn
10
17
2,397
🌟 We’re just getting started! 🌟 Thanks to our incredible investors, we've raised $100M in Series D funding—fueling our growth and propelling our AI-powered code security vision forward. At Semgrep, we’re transforming how code security works. Our cutting-edge AI automates vulnerability detection and remediation, freeing developers to focus on building innovative, secure software. Learn more about our AI-driven vision in our CEO’s blog post: semgrep.dev/blog/2025/series… #appsec #cybersecurity #devops #infosec #ai #staticanalysis
1
3
17
1,135
We feel for anyone concerned with their financial partner’s health, so we’re offering extended payment terms to our customers. If you’re in a bind and need a security tool, you can get far at no cost with open source Semgrep. Also happy to lend a hand w/ extended payment terms.
4
12
912
We’ve been thrilled to work with the GitLab Secure team over the last few months on the Semgrep integration shipping in GitLab 14. 🚀 Congrats on the launch, @gitlab!
There is a better way to build software. GitLab 14 accelerates modern DevOps, bringing velocity with confidence, built-in Security, and visibility into DevOps success. bit.ly/3xLOyMT
3
17
Semgrep now supports the Solidity language. It’s still in experimental state and there aren’t any Semgrep rulesets for Solidity yet. But if you’d like to hack on Solidity + Semgrep over the holidays, you can! Special thanks to @joranhonig for helping with this 🎉
1
4
17
🎁 There’s so much new in Semgrep we couldn’t fit it all in one place! 🆕 in Semgrep: taint mode, Terraform support, and auto config: r2c.dev/blog/2021/semgrep-fa… 🆕 in Semgrep App: a redesigned UI to configure rules, findings triage, and Jira integration: r2c.dev/blog/2021/semgrep-ap…
9
18
📢 Semgrep Secrets private beta is here! 📢 Don't miss out on the opportunity to be among the first to experience the future of secrets scanning. Request early access to our Secrets private beta today—we can’t wait to hear what you think! go.semgrep.dev/44QqjwT
4
12
1,608
🎙️ In this clip, @Jhaddix shares a reflection inspired by a piece of content Obama wrote after leaving office—about how no one is inherently better than you, and you’d do just as good of a job if you put in the hard work. It’s a reminder that: 🔹 Titles alone don’t define talent 🔹 Hard work and curiosity go a long way 🔹 You do belong in this industry If you’ve ever felt imposter syndrome in security, this one's for you. 🎥 Watch the full interview with @Jhaddix (@arcanuminfosec) and @clintgibler to learn more: piped.video/VsiX-RPoBj4?feature… #AppSec #InfoSec #Cybersecurity #RSAC2025 #Security
2
18
1,546
Introducing: The Modern Security Podcast! 🥳 Dev Akhawe @frgx, Head of Security @figma and @clintgibler, creator of @tldrsec and Head of Security Research @semgrep, discuss how a security team can aim to be secure by default #modernsecuritypodcast go.semgrep.dev/3YWrBVK
6
17
7,602
It was bound to happen: Semgrep now has beta support for Rust! Many thanks to guest author Matt from @redcanary who contributed Semgrep rules for Rust and wrote about it here: semgrep.dev/blog/2023/announ… 🙇 Thank you, Matt!
4
15
1,927
When SQL injection bites, it bites hard. Here’s the creator of Django, @jacobian, on how to purge it from your app: blog.r2c.dev/2020/preventing…
5
15
🚨 CONTEST ALERT! 🚨 Want to win 1 of 3 decks of 'Cards Against AppSec' by Tanya Janca? Simply RT this post and make sure you're following us to enter! ⏳ You have 48 hours—good luck! #AppSec #Giveaway #CardsAgainstAppSec
2
36
16
9,127
🔑 Tremendous achievement unlocked: 💯 Semgrep v0.100.0 shipped — that’s 100 weekly Semgrep releases! 🙇 We couldn’t have done it without the support of the Semgrep community. Thank you.
3
16
👋 So much new in Semgrep that we’re excited to share with you! >_ DeepSemgrep >_ A brand new Playground >_ Support for GitHub Enterprise + GitLab Self-Managed 🚀 Check out all that’s included in our latest launch and how you can get it: r2c.dev/blog/2022/semgreps-m…
5
16
📢 You won't want to miss this webinar on AI & security! Join @clintgibler, founder of @tldrsec and @DanielMiessler, founder of Unsupervised Learning as they discuss the impact AI, ML and LLMs will have on security teams and tools. Save your seat here: go.semgrep.dev/440wIWu
1
7
16
4,214
🕵️‍♂️ Something strange is happening at Meow Wolf’s Omega Mart. Join Semgrep to challenge your perception of the limits of AppSec reality in the agentic era on Tuesday, August 5th from 6-9 pm. Comment "ZERO FALSE POSITIVES" below and register for the event to receive tools upon arrival to access deeper mysteries hidden within the installation. 🎟️ Register: semgrep.dev/events/omega-mar… #HackerSummerCamp #Semgrep #OmegaMart #MeowWolf #AppSec #BlackHat #DEFCON #BSidesLV #zerofalsepositives
2
3
14
5,679
Props to @jayjacobs, @SashaRomanosky, @wadebaker for their research on vulnerability exploitation in the wild and what should (and shouldn't) be remediated by busy teams. Original paper: weis2019.econinfosec.org/wp-… ZDNet synthesis: zdnet.com/article/only-5-5-o…
11
14
"We then came across @r2cdev's @semgrep. It took us less than an hour to install the CLI version of the tool, run a scan and get desired results. This blew our minds..." Aw, shucks 🥰 @JubbaOnJeans from @Razorpay Thanks for sharing Semgrep experience! engineering.razorpay.com/bui…
1
2
14
Looking for a free Code Security Assistant? Today we’re launching public beta access to Semgrep Assistant 🎉 Semgrep Assistant utilizes GPT-4 to triage and recommend fixes for true positive findings, saving developers time and reducing alert fatigue. go.semgrep.dev/43vmMDC
2
14
1,281
📢 The Secret’s out! We’re thrilled to share that Semgrep Secrets is available for Public Beta today! Secrets leverages Semantic Analysis in addition to regex and entropy-based validation to detect secrets with high precision. Learn more → go.semgrep.dev/3Q7a9tY
4
12
5,464
🎉 Huge thanks to James Rundle and @WSJ for their insightful coverage on our series D funding round and the importance of software security! With this new round of funding, Semgrep will further develop our AI capabilities, expand our sales and marketing presence, and hire more talented people to help drive this mission forward. 🌍 👉Read the full article here: wsj.com/articles/semgrep-rai… #AppSec #Cybersecurity #AI #VentureCapital #Semgrep
2
12
1,008
. @elixirlang fans rejoice! Semgrep now offers experimental support for Elixir! Whether you work on @discord, @Pinterest or a personal project, you can now write semantically-aware custom rules to ensure your code is secure and using best practices to your heart's content.🧪⚗️
3
13
Last week GitLab shipped Semgrep as its default JavaScript SAST analyzer. So how does Semgrep compare to the tool it replaces, ESLint? 🔬 Check out our deep-dive comparison of security coverage, custom rules, performance, and use in CI/CD: r2c.dev/blog/2021/javascript…
5
12
Fresh off the presses: the latest recording of our #Semgrep Office Hours session featuring the Illustrious @LewisArdern ✅Reducing False Positives✅ in #react security rules. Get it while it's hot! piped.video/watch?v=VSL44ZZ7… (or stale. The shelf life on that thing is incredible)🥐
1
5
13
It’s important that fast growing startups catch and fix vulnerabilities quickly. @Merge_Dev uses Semgrep to find relevant OSS vulnerabilities and fix them in the developers’ workflow. Hear more from Jacob Brackett, Head of Security: go.semgrep.dev/3KPQigW
1
3
12
1,213
🚀 Exciting news! Introducing Semgrep Academy: your FREE ticket to mastering AppSec and more! 💻 Enroll now in our on-demand courses and elevate your skills! academy.semgrep.dev/ #SemgrepAcademy #FreeCourses #FreeAppSecCourses #Certification #AppSecCertification
6
10
1,323
⭐ Today Semgrep reached 1,000+ stars on GitHub. We’re so grateful for the support and feedback, and we’re pretty excited about Semgrep’s future. Thank you to the whole community! github.com/returntocorp/semg…
1
2
11
☕ Java XML security can be quite a mess. 🧘 Sit down with our security researchers Pieter and Vasilii as they untangle XML security options across different XML parsers. 📓 semgrep.dev/blog/2022/xml-se…
4
12
1,013
🎨 Dynamic rendering is a way to serve web pages to crawlers and improve SEO. ⚠️ Tools like Rendertron make this easy, but if used improperly may introduce vulnerabilities. 🛡 How we found weaknesses in rendering engines and how to protect your apps: r2c.dev/blog/2020/exploiting…
2
11
🚀 Exciting news! 🎉 Semgrep Code now supports C and C++, letting teams consolidate on a modern AppSec platform instead of relying on legacy SAST tools. Semgrep Code makes it easy for teams to shift left and secure code - without slowing down developers. go.semgrep.dev/49vyIsU
4
11
2,301
In Vegas next week for #DEFCON30 #blackhat2022 or #BSidesLV? Come say hi at our Semgrep Happy Hour on Thursday Aug 11 from 4-6pm at the Chandelier at the Cosmopolitan. Great conversationalists such as @0xine, @LewisArdern, @chaiidaii, @DaghanAltas & other r2c-ers will be there!
5
10
🌐 Ready to introduce Semgrep to your organization? 🚀 In this blog, @TrailOfBits breaks down the process of fine-tuning rulesets, creating custom rules, and evangelizing within your organization. Level up your code analysis with Semgrep. Dive in: go.semgrep.dev/3tQgjr4
6
10
2,253
🚨 Big news! Semgrep is excited to announce our latest partnership with Palo Alto Networks. Unify code to cloud insights and accelerate secure development with @PaloAltoNtwks’ Cortex Cloud and @semgrep. 📍 Learn more at our joint demo at Black Hat Booth #3240 on Wednesday August 6 at 10:30am 📣 Read the full press release here: paloaltonetworks.com/company… #AppSec #Cybersecurity #Hackersummercamp #Blackhat2025
4
11
643
📢 Don't miss out on Pieter De Cremer's talk "Secure Defaults: A Scalable Security Approach For Modern Development" from @owasp_NL BeNeLux Days. The recording is now available on YouTube. 🔗 go.semgrep.dev/4bnn5pt @0xDC0DE #AppSec
3
11
1,285
🎉 Join Semgrep, @harnessio, and @trailofbits on May 8th for our @RSAConference Security Soirée at Thriller Social Club. Network with peers, discuss the latest trends, and enjoy fun games. Don't miss out—RSVP now! semgrep.dev/events/in-person… #SecuritySoiree #RSA
7
10
3,666
Semgrep is hiring! If you want to play an integral role in shaping the future of software analysis and security, one of these roles may be for you. go.semgrep.dev/careers
2
9
833
Commercialization of OSS tools — @alex on how our Series B raise fits into a broader trend 👇
r2c raises $27M to scale its security-focused code analysis service tcrn.ch/2TCW1iY by @alex
11
🔧 AppSec isn’t just about finding vulnerabilities—it’s about empowering engineers to ship quickly and safely. @semgrep Co-founder @dlukeomalley shares a practical blueprint of what real-world AppSec looks like for modern software development teams. It’s not scans and spreadsheets. It’s fast feedback, intelligent tooling, and automated security that scales with your code. Learn more: semgrep.dev/blog/2025/appsec… #RSAC2025 #AppSec #AppSecForBuilders #Cybersecurity
4
10
593
It's not every day you get @manicode and @clintgibler in a webinar together! 💪 Tune in this Wed, March 15 @ 10 am PT to hear these 2 security power players talk about preventing Broken Access Control vulnerabilities from entering your code. Register ➡️ get.semgrep.dev/clint-collab…
5
9
3,870
We're kicking off day 2 of @appsecpnw with a special workshop from @shehackspurple on Adding SAST to CI/CD, without losing any friends! 🎉 #appsec #applicationsecurity
2
11
1,221
Wondering how to scan kubeconfigs, nginx configs, or anything YAML? Now you can with Semgrep’s new alpha support for YAML! One of our engineers shared a behind-the-scenes look at how she added it, and how it even scans Semgrep rules themselves: r2c.dev/blog/2021/how-we-mad…
1
4
11
🚨 Important update to Semgrep OSS 🚨 To better distinguish our free, community-driven tool from our commercial platform, we’re rolling out a series of changes. Starting today, Semgrep OSS is now Semgrep Community Edition, and all Semgrep-maintained rules are licensed for internal-use only. Read more: semgrep.dev/blog/2024/import… #semgrep #appsec #cybersecurity #staticanalysis #devops
1
3
9
2,766
Need breakfast plans for @RSAConference 🥐 ? Join @manicode on April 25th for this exclusive appsec breakfast! go.semgrep.dev/3MwnNGB #rsac2023 @TromzoSecurity
3
11
2,210
Thanks to @HellaSecure for a great #HellaConf 2020! Here’s r2c’s CTO, Drew, presenting about Semgrep, open-source code analysis that feels like grep: piped.video/M586wePrwYs. Catch all the videos from the conference on Twitch: twitch.tv/hellasecure/videos…
5
10
“At Semgrep, we are thrilled to partner with @trailofbits, whose rigorous approach to security engineering and research directly complements our focus on embedding secure coding practices within the development pipeline. Their expertise in identifying and mitigating vulnerabilities aligns with our efforts to provide precise and actionable guardrails, enabling teams to produce secure software by design.” - Daghan Altas, CRO, Semgrep Check out this blog featuring our partnership with Trail of Bits→ blog.trailofbits.com/2024/09… #appsec #secureguardrails #partnership #security
1
9
1,637
🔥 No surprise that @lapt0r is ON IT—already writing a new Semgrep rule to protect against the latest Apache log4j2 RCE vulnerability. Check out the rule here 👇
11
🛠️ @TrailOfBits' latest blog provides a comprehensive guide to start using Semgrep in your organization. 🚀 From exploring supported languages to creating custom rules, you'll learn how to elevate your code security game. Check it out: go.semgrep.dev/3tQgjr4
2
10
2,170
🎙️ Elevate your API security game with @shehackspurple on the API Kitchen with host Confidence Staveley (@sisinerd)! Learn valuable insights on applying #OWASP ASVS to fortify your APIs against cyber threats. Don't miss this Penultimate episode! piped.video/watch?v=z0Gv8Fry…
2
9
1,669
Ready to level up your #ThreatModeling skills? If you missed our recent webinar with @adamshostack and @shehackspurple, you can still catch up! Watch the full session on YouTube and enhance your understanding of threat modeling techniques. go.semgrep.dev/4bC0Tba
2
9
2,488
📣 We're bringing together #security experts @dcuthbert @LewisArdern @AroraMinali and @_amanvir for a panel session in London on Feb 20! Join us and learn their best practices in building & scaling highly effective AppSec/ProdSec teams. Save your seat: bit.ly/3lf8gQ8
5
10
3,775
Studying thousands of projects, we found that 98% of their dependency vulnerabilities are unreachable. With reachability analysis, teams can understand the true risk from a vulnerability, not just that it exists in a dependency. 3/4
1
1
10
ICYMI, Semgrep Assistant enables AI-assisted triaging and autofixes for insecure code Learn more about how it works in this 2-minute video: go.semgrep.dev/3Ki8rnf
4
10
575
Thanks @abhaybhargav for an insightful video this morning on Semgrep and the future of static analysis. If you missed it, here’s Abhay discussing security tools and live-coding with Semgrep: piped.video/watch?v=C5lZDCzm…
1
4
10
✨Introducing Semgrep Community Office Hours ✨ this Wednesday at 10am PT. Join @bouncingsheep, @_minus_world, and @enncoded as they explore the new Playground. Save your seat! get.semgrep.dev/officehours
7
10
📰 Fresh off the press! We're excited to announce new interfile analysis support in Semgrep Pro Engine. Check out Emma Jin and Colleen Dai's blog on the 'Birth of Pro Engine' go.semgrep.dev/3Kl0f4W #semgrep #sast
3
10
584
🚀 Calling all developers and security professionals! Don't miss our upcoming fireside chat with Confidence Staveley (@sisinerd) and @shehackspurple on March 27th. Gain valuable insights into API security and learn from the founder of @cybersafehq. go.semgrep.dev/3SNoKMg
1
4
10
1,296
In this excellent, practical introduction to Semgrep, @salecharohit walks through how to pinpoint potential SQL injections, identify use of insecure cryptography, check for enforcement of security best practices, and lots more! notsosecure.com/semgrep-a-pr…
5
10
🔎 Ever try to find code patterns in Terraform files, server configs, or other structured data? 🧪 A new experimental Semgrep feature matches generic patterns in structured data or in languages for which Semgrep doesn’t have a parser. 👉 How to try it: r2c.dev/blog/2020/experiment…
1
10
🏆 Huge congratulations to @shehackspurple for winning the Mentor of the Year award at the SANS Difference Makers Awards! 👏Tanya Janca's commitment to fostering talent and supporting newcomers in cybersecurity is genuinely inspiring. #SANSDifferenceMakers go.semgrep.dev/3Ro1ZOq
1
1
9
885
Hi #defcon! We're excited to host our first workshop, happening tomorrow. But first, a group photo on a bridge over a canal in Venice:
9
We’re excited to announce our partnership with @sysdig to bring code-to-cloud context into both the Semgrep and Sysdig platforms. Our bi-directional integration closes the loop between static analysis and real-time runtime risk, bringing context into both platforms. Now you can: ✅ Prioritize findings based on what’s actually deployed and exposed ✅ Trace runtime alerts to the exact file, repo, and developer ✅ Route actionable fixes and tickets to the teams who can act on them quickly 🔗 Learn how this partnership helps teams fix what matters, faster: semgrep.dev/blog/2025/fix-wh… #BlackHat2025
3
9
518
🌟 Tomorrow is the day! Join us on Jan 25 at 9 AM PT for a live, online Semgrep Community event. @shehackspurple and @adamshostack will share insights on how to mature your threat modeling skills, covering advanced techniques and seamless SDLC integration go.semgrep.dev/47MTe7D
2
8
1,508
Our team had a blast at Day 1 of @LocoMocoSec! 🎉 Huge thanks to everyone who stopped by and chatted with us! We’re looking forward to one more awesome day—make sure you visit our booth and say hi!
2
9
657
You won’t want to miss this webinar with Jacob Brackett, Head of Security at @Merge_Dev and @leifdreizler Sr. Engineering Manager at Semgrep! Tune in to hear how Semgrep enables the Merge team to spend less time triaging tickets. go.semgrep.dev/3KPQigW
2
9
1,626