Semgrep

2.5K posts

Semgrep banner
Semgrep

Semgrep

@semgrep

A fast, open-source, static analysis tool for profoundly improving software security and reliability.

only on your local machine Katılım Mayıs 2019
205 Takip Edilen4.5K Takipçiler
Semgrep retweetledi
Isaac Evans
Isaac Evans@0xine·
Is GLM 5.2 backdoored? How would we know? With models like GLM 5.2 performing at Opus-quality on some tasks, this question becomes more important. We've historically used reverse engineering to establish ground truth about program behavior, but there is no equivalent for that today with the models. I wrote about the abysmal state of the model supply chain with @InsiderPhD and @spacerog : semgrep.dev/blog/2026/ai-s…
Isaac Evans tweet media
English
0
3
10
3.5K
Semgrep retweetledi
Isaac Evans
Isaac Evans@0xine·
ICYMI: Last week, our @semgrep internal benchmarks showed that for the first time, an open-source model (GLM 5.2) matched frontier model performance in a vulnerability finding class. This is a big deal for policymakers (and hopefully we had a small part in getting the Fable-ban lifted!) H/T to Bob MicMillan at the WSJ for the great coverage! wsj.com/tech/ai/chines…
Isaac Evans tweet media
English
0
1
2
217
Semgrep
Semgrep@semgrep·
If you're walking the Business Hall, come find us at Booth #4943 for a real demo, not a pitch. And catch Drew Dennison's "Using SAST + Mythos To Shift Right," Thu Aug 6, 3:15pm, Pulse Stage 4 (Expo pass works).
English
0
0
1
83
Semgrep
Semgrep@semgrep·
The Business Hall: It's intense but you never know what some vendors will do with the space, from booth talks, to unique swag, to live demos, there's nothing quite like it, you'll find hilariously creative booths, and be wowed by the best tech.
English
1
0
0
88
Semgrep
Semgrep@semgrep·
Black Hat USA is back at Mandalay Bay, Aug 1–6. 100+ briefings, 100+ trainings, 80+ Arsenal demos. The hard part isn't finding something good. It's choosing what to skip. But how can you spend the week well? Don't worry we have some ideas!
English
2
0
8
448
Semgrep
Semgrep@semgrep·
What is the Cyber Resilience Act, and what does it actually require? Our Security Advocate, Dr. Katie Paxton-Fear (@insiderPhd), has all the details 👇
English
0
0
4
240
Semgrep
Semgrep@semgrep·
Rule one: prioritize original research over marketing. The talks people still cite years later are the ones where someone spent months breaking a system and found something new.
English
0
0
2
132
Semgrep
Semgrep@semgrep·
We analyzed anonymized remediation patterns across 50,000 active repositories, and the data revealed a clear pattern: Past 90 days, security findings stop being just risks and start becoming research projects. The longer an issue sits, the less likely it is to ever get resolved. Why? Because code authorship gets murky, the surrounding code shifts, and finding a fix becomes an archaeological dig just to surface the original context. That "dig" can take just as long as the original sprint took to build the capability to begin with. Beyond that critical 90 days, the success rate for resolving security issues hits a steep drop-off. Leading teams resolve issues under this threshold, while the rest of the field gets bogged. To maximize your team's efficiency, follow the lead of top-performing AppSec teams: hold the line and prioritize freshly identified findings.
Semgrep tweet media
English
0
0
3
351
Semgrep
Semgrep@semgrep·
Have you heard about the European Cyber Resilience Act (CRA)? If you are a Semgrep customer, you are already checking off a lot of the boxes. Semgrep helps you ensure seamless CRA compliance without losing velocity Our Security Advocate Dr. Katie Paxton-Fear explains how 👇
English
0
0
2
378
Semgrep
Semgrep@semgrep·
T-minus five weeks to Hacker Summer Camp. The annual convergence of BSides LV (Aug 3), Black Hat (Aug 5–6) and DEF CON 34 (Aug 6–9). Three venues, one week, the highest density of interesting vulns people and talks on the calendar. Sleep schedules are a known acceptable loss.
English
1
1
4
240
Semgrep
Semgrep@semgrep·
WOW @owasp Global AppSec EU was fantastic this year – even bigger & better than ever before! 🇦🇹 The team had a brilliant few days in Vienna, meeting many friendly faces & new ones alike – for great conversations, interesting insights, and a fun time together as a security community. Securing AI generated code, using LLMs to enhance detection, and complying with CRA were top of mind at the conference – with Vienna views and Austrian food the stars of the show after hours, as 100+ AppSec pros touched the sky at our elevated evening event! ⬆️ Thanks to everyone we chatted to across the two days, plus our partners @code_armor and @escapetechHQ for all their support. See you in 2027 🥳
Semgrep tweet mediaSemgrep tweet mediaSemgrep tweet mediaSemgrep tweet media
English
0
1
3
220
Semgrep retweetledi
Space Rogue
Space Rogue@spacerog·
Black Hat USA 2026: A Space Rogue Survival Guide Forget the vendor swag and AI buzzword bingo. I dug through the schedule and shared what research and sessions I wouldn't miss. See you in Vegas. semgrep.dev/blog/2026/blac…
English
0
4
2
558
Semgrep
Semgrep@semgrep·
We've pushed rules to our supply chain customers, but this is another sign that the changes coming in npm v12 aren't coming soon enough.. semgrep.dev/orgs/-/advisor…
English
1
0
0
97
Semgrep
Semgrep@semgrep·
Miasma is back, 20 npm packages for the Leo Platform ecosystem were infected with another worm. Payload is a CI/CD attack toolkit that steals secrets from GitHub Actions runners, cloud creds stores, package registries, and password managers, then exiles them to Github
Semgrep tweet media
English
1
0
1
188
Semgrep
Semgrep@semgrep·
The old gate was human review. But when agents ship code faster than any human can review it, it can't keep up. Most teams now see ~10x the vulns they had two years ago, and CI/CD catches them too late. So where's the gate now? We are launching Semgrep Guardian, it scans every file the agent touches, as it's written. 95% of scans finish under 5s and it's available now in Cursor + Claude Code
English
1
0
2
224