- We're thrilled to announce our partnership with @Replit to bring you Secure Vibe Coding. Now you can scan, find, and fix vulnerabilities before you deploy — all in your browser. Code faster, code smarter, and ship with confidence. Why It Matters: 🔍 Real-time vulnerability
Semgrep
A fast, open-source, static analysis tool for profoundly improving software security and reliability.
- 🥳 Big news: we’re launching Semgrep Supply Chain to find reachable vulnerable dependencies in your code. We’ve seen teams struggle w/ dependency vulnerabilities and heard software composition analysis (SCA) tools are “false positive factories.” r2c.dev/blog/2022/intr… 🧵 1/4
- 🚨A very popular GitHub Action, tj-actions/changed-files, has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. If you’re using this action, we recommend you stop using it immediately. More here including how to
- We are thrilled to announce that @wehackpurple is joining forces with Semgrep! Tanya Janca, @shehackspurple, has trained thousands of AppSec professionals and built an amazing community—with Semgrep she’ll continue that great work. Read more here:
- 🥳 Big news today! We’ve raised $53M in Series C funding, led by @lightspeedvp and with the support of @felicis, @Redpoint and @sequoia. More from our CEO, @0xine: semgrep.dev/blog/2023/seri…
- ⭐ Semgrep just passed 2,000 GitHub stars, yay! 📣 Today we’re thrilled to introduce Semgrep Community and announce our Series A funding from @RedpointVC and @sequoia. 🙏 Thanks to all who’ve supported us along the way. We’re grateful and humbled. More:
- 🤔 How can you prove your web app doesn’t have XSS? 🤖 Check out these new cheat sheets for Django, Flask, Java/JSP, and Rails. Each includes a single Semgrep command to scan your code for XSS issues. 📓 Instructions on how to run them: r2c.dev/blog/2021/xss-…
- 🔥 Semgrep is officially live on Cursor! You can now harness the power of @semgrep directly in your AI coding assistant, combining fast, accurate static analysis with LLMs to help developers ship code that’s secure from the start, fast. From securing code at leading AI
- In case you missed it — Hardcoded secrets, unverified tokens, and other common JWT mistakes: @ermil0v shares what he learned from bug-hunting 2,000 npm modules: r2c.dev/blog/2020/hard…
- Community member spotlight on.... Marco Ivaldi, aka @0xdea! We retweeted a blog post he wrote earlier this week on pen testing binaries with Semgrep, but he's also written a wealth of C++ rules (35!) to catch vulnerabilities: security.humanativaspa.it/semgrep-rulese… THANK YOU, @0xdea!! #cpp
- 🤖 Semgrep: now augmented with AI We’re excited to announce the private beta of Semgrep Assistant. Learn how we're using GPT to reduce noise and auto-fix bugs, making it even easier to ship secure code quickly 🧵 go.semgrep.dev/3ZEJFCQ
- 🗣Thanks to @RomainJufer, CSO of @avnu_fi, experimental support for Cairo 1.0 has been added to the Semgrep arsenal! Learn more about it here: go.semgrep.dev/3WPVeqT
- 🆕 The full power of Semgrep is now available in GitLab! 🤝 Our collab with @gitlab makes Semgrep the GitLab SAST analyzer for JS/TS and Python (& more coming)! ➕ Discuss findings in merge requests, access the rule registry, and add custom rules. 👉 r2c.dev/blog/2021/intr…
- 🤔 What if grep had types? Our intern, Emma, explored this and added type-awareness to Semgrep. Now you can find bugs and antipatterns or enforce best practices even more precisely: