Semgrep is a lightweight static analysis tool for many languages. Find bugs and enforce code standards.

Announcing Semgrep Community and r2c’s Series A

As Semgrep passes 2,000+ stars on GitHub, we’re thrilled to introduce a new hosted version designed for use in CI: Semgrep Community. We’re also publicly announcing our Series A funding from Redpoint Ventures and Sequoia Capital. More about why we think the future is bright for lightweight code scanning tools:


⬆️ Upgrading Semgrep (new version every week!)

  • Homebrew: $ brew upgrade semgrep
  • PyPI: $ python -m pip install --upgrade semgrep
  • Docker: $ docker pull returntocorp/semgrep:latest
New in Semgrep CLI:
  • TypeScript support now in beta
  • Output JUnit XML-compatible results for use in GitLab and other providers (--junit-xml). Thanks @nightwatchcyber!
  • Get CWE and OWASP category tags in SARIF output. Thanks @hunt3rkillerz!
  • Safely perform numeric comparisons with the new operator, metavariable-comparison (read docs)
  • Run multiple rule configs by repeating the --config option
New in Semgrep Community:
  • Downscoped GitHub permissions: no app required for saving rules.
  • An updated tutorial (with confetti! 🎊)
  • A smattering of performance improvements and bug fixes
Note: please update your CLI to v0.29 to get the latest and greatest! We ship a new version every week and you can watch for releases here.
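The metavariable-comparison operator from the CLI list above, as an added example rule (not from the Semgrep project or this newsletter): it flags Python code that generates an RSA key with fewer than 2048 bits. The rule id, message, CWE metadata and the companion test lines are constructed for illustration.

```yaml
# Added example rule (not part of the Semgrep project or this newsletter).
# Flags RSA keys generated with fewer than 2048 bits using the new
# metavariable-comparison operator. Rule id, message and metadata are
# constructed for illustration.
rules:
  - id: rsa-key-size-too-small
    languages: [python]
    severity: WARNING
    message: >-
      RSA key generated with $BITS bits; use at least 2048 bits
      (CWE-326: Inadequate Encryption Strength).
    metadata:
      # CWE metadata is what the SARIF output surfaces as a tag
      # (see the CLI changes above).
      cwe: "CWE-326: Inadequate Encryption Strength"
    patterns:
      # Bind the key_size keyword argument to $BITS, whatever other
      # arguments are present.
      - pattern: rsa.generate_private_key(..., key_size=$BITS, ...)
      # Compare the bound literal numerically rather than as text, so
      # 512 and 1024 match while 2048 and 4096 do not.
      - metavariable-comparison:
          metavariable: $BITS
          comparison: $BITS < 2048

# Constructed companion test file (rsa-key-size-too-small.py) for
# `semgrep --test`, annotated in Semgrep's ruleid/ok convention:
#
#   from cryptography.hazmat.primitives.asymmetric import rsa
#   # ruleid: rsa-key-size-too-small
#   weak = rsa.generate_private_key(public_exponent=65537, key_size=1024)
#   # ok: rsa-key-size-too-small
#   strong = rsa.generate_private_key(public_exponent=65537, key_size=4096)
```

To use it in CI alongside an existing rule set, pass both with repeated --config options and emit JUnit XML for GitLab, e.g. semgrep --config rsa-key-size-too-small.yaml --config <your-other-rules.yaml> --junit-xml . (the second config path is a placeholder).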

🔧 How to find and prevent data leaks using Semgrep

Read how a developer, @nbrahms, found sensitive tokens being leaked in logs and wrote a Semgrep rule to prevent future occurrences — without involving the security team.

Read the post →

📢 Feedback

Got a question? Want to chat about Semgrep patterns, writing rules, or how to enforce code standards in your organization? Join the r2c Community Slack to say “hi” or ask questions — there’s a friendly and active community ready to help 🤗!

Happy coding,
The r2c team
Follow r2c on Twitter
r2c, makers of Bento
Copyright © 2020 r2c, All rights reserved.