Original Post: Bringing more Semgrep capabilities to BitBucket and Azure DevOps
Semgrep has expanded its capabilities to include Atlassian BitBucket Cloud, BitBucket Data Center, and Microsoft Azure DevOps, enabling better integration with these source code management tools. New features include:
- PR Comments: Semgrep Code now supports pull request comments, providing security findings directly within BitBucket Cloud, BitBucket Data Center, and Azure DevOps. This reduces context switching and speeds up remediation.
- Secrets Detection: Semgrep Secrets can identify hard-coded secrets or credentials in pull requests, alerting developers via PR comments.
- Supply Chain Compliance: New license violation comments ensure compliant dependency usage.
- Traceable Links: Findings now include hyperlinks to specific code locations for quicker access and better context.
- Network Broker: From version 0.20.0, Semgrep Network Broker supports connectivity with BitBucket Data Center, facilitating secure interactions with on-premise resources.
These enhancements aim to provide seamless security integration into the developer workflow, supporting the shift-left approach to address security issues early in the development lifecycle. Full details can be found in the provided documentation.
Go here to read the Original Post