
Enhance Your CI Pipeline with Semgrep: A Guide to Security Scanning

Original Post: Security scanning with Semgrep in CI

The article discusses how Semgrep, a code security scanning tool, continues to improve and to integrate with CI/CD workflows to help developers maintain secure code. It describes the benefits of running Semgrep in CI, such as continuous security monitoring, bulk management of findings, and preventing vulnerable code from being merged.

Previously, Semgrep officially supported only GitHub Actions and GitLab CI/CD; it has now extended its support to Jenkins, Buildkite, Bitbucket, and CircleCI, in addition to GitHub Enterprise and GitLab Self-Managed. Users can now easily configure Semgrep in these CI environments using the newly provided configurations and instructions. The article encourages users to implement Semgrep in their CI/CD workflows and offers community support for any questions, ending with a cute picture of a capybara.
