Semgrep Product Updates

Stay up to date on all of the changes to the Semgrep AppSec platform, big and small.
Product Categories
Categories
Subscribe to our blog
RSS feedSubscribe via RSS
Feb 7, 2024

Support for anonymous metavariables (rule-writing and syntax)

You can now use anonymous metavariables when writing or customizing rules, which have the form $_. These metavariables do not bind in the environment, meaning they also do not unify. As such, patterns like:

foo($_, $_)

can match code like

foo(1, 2)

Happy rule writing!

Chushi Li
Dec 13, 2023

Run Semgrep Assistant on selected findings (auto-triage, auto-fix, component tagging)

Users can now select findings and use the "Analyze" button to run all Semgrep Assistant functions (autofix, autotriage, and component tagging) on the selected findings. Once the analysis is completed, users will see results if they:

filter by Fix/Ignore

filter by AI Component Tags

If they select "No Grouping" instead of "Group by Rule" they will see false positive or true positive recommendations directly in their findings.

Learn more

Chushi Li
Nov 8, 2023

Filter findings by components (user authentication, PII, etc.) using Semgrep Assistant

Semgrep Assistant (Semgrep’s AI integration) can now categorize and tag findings based on the component they are found in. Users can use these tags to prioritize findings (only show findings related to user authentication, PII, etc.).

Learn more

Chinmay Gaikwad
Oct 31, 2023

Interfile analysis in PR/MR comments

Previously, cross-file analysis only ran on full scans. Now, we can do interfile analysis on diff scans, which keeps the scan times fast (<5 minutes) and improves result quality for customers. Cross-file analysis can reduce false positives and find new vulnerabilities.

Learn more

Chinmay Gaikwad
Oct 31, 2023

Semgrep's VSCode extension (v1.6.2) can run natively on Windows

Semgrep's VSCode extension (v1.6.2+) can run natively on Windows. Semgrep Platform uses LSP.js as a way of supporting Semgrep on Windows.

Learn more

Chinmay Gaikwad
Oct 24, 2023

Interfile analysis GA support for multiple languages

Go, Java, Javascript, and Typescript’s interfile analysis support is now GA. All cross-functional analysis language support is now GA.

Learn more

Chinmay Gaikwad
Oct 24, 2023

Interfile analysis support for C#

Users can now scan C# projects with Semgrep Code’s Pro Engine, leveraging advanced interfile analysis to uncover more complex vulnerabilities while reducing noise. 

Chinmay Gaikwad
Sep 28, 2023

Scanning code for security issues using Semgrep's IntelliJ plugin

Use Semgrep’s plugin for IntelliJ products (AppCode, Aqua, CLion, DataSpell, DataGrip, GoLand, IntelliJ IDEA Ultimate, PhpStorm, PyCharm Professional, Rider, RubyMine, RustRover, WebStorm) to scan for Semgrep Code and Supply Chain vulnerabilities.

Chinmay Gaikwad
Sep 22, 2023

View recommendations from Semgrep Assistant

The findings page, in group by rule view, now has an assistant recommendation filter. When you filter to recommended ignores, we now show Assistant's explanation inline. Pressing 'Agree' there will automatically ignore the finding.

Learn more

Chinmay Gaikwad
Aug 23, 2023

Semgrep Assistant support for GitLab and GitLab self-managed

Semgrep Assistant (Semgrep’s AI integration) now supports GitLab and GitLab self-managed. Check out the documentation.

Chinmay Gaikwad