Announcing Semgrep Community and r2c’s Series A
As Semgrep passes 2,000+ stars on GitHub, we’re thrilled to introduce a new hosted version designed for use in CI: Semgrep Community. We’re also publicly announcing our Series A funding from Redpoint Ventures and Sequoia Capital. More about why we think the future is bright for lightweight code scanning tools:
⬆️ Upgrading Semgrep (new version every week!)
- Homebrew: $ brew upgrade semgrep
- PyPI: $ python -m pip install --upgrade semgrep
- Docker: $ docker pull returntocorp/semgrep:latest
New in Semgrep CLI:
- TypeScript support now in beta
- Output JUnit XML-compatible results for use in GitLab and other providers (--junit-xml). Thanks @nightwatchcyber!
- Get CWE and OWASP category tags in SARIF output. Thanks @hunt3rkillerz!
- Safely perform numeric comparisons with the new operator, metavariable-comparison (read docs)
- Run multiple rule configs by repeating the --config option
Note: please update your CLI to v0.29 to get the latest and greatest! We ship a new version every week and you can watch for releases here.
New in Semgrep Community:
- Downscoped GitHub permissions: no app required for saving rules.
- An updated tutorial (with confetti! 🎊)
- A smattering of performance improvements and bug fixes
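As an added example (my own rule, not one shipped by r2c or the newsletter), here is how the metavariable-comparison operator mentioned above lets a rule reject numeric values instead of relying on a regex: it flags RSA keys generated with fewer than 2048 bits. The rule id, message and the cryptography-library call it matches are assumptions.

```yaml
rules:
  - id: rsa-key-size-below-2048   # assumed rule id
    languages: [python]
    severity: WARNING
    message: RSA key generated with $SIZE bits; use at least 2048
    patterns:
      # match the keyword argument and capture its value as $SIZE
      - pattern: rsa.generate_private_key(..., key_size=$SIZE, ...)
      # numeric comparison on the captured literal, so 1024 is flagged
      # but 2048 and 4096 are not (a regex on the digits could not do this safely)
      - metavariable-comparison:
          metavariable: $SIZE
          comparison: $SIZE < 2048
```

Because --config can now be repeated, this file can run alongside your existing rules: $ semgrep --config rsa-key-size.yml --config other-rules.yml .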
🔧 How to find and prevent data leaks using Semgrep
Read how a developer, @nbrahms, found sensitive tokens being leaked in logs and wrote a Semgrep rule to prevent future occurrences — without involving the security team.
Read the post →
Got a question? Want to chat about Semgrep patterns, writing rules, or how to enforce code standards in your organization? Join the r2c Community Slack to say “hi” or ask questions — there’s a friendly and active community ready to help 🤗!
The r2c team