Original Post: Semgrep Code brings modern static analysis to C/C++
Semgrep has launched GA support for C and C++ in Semgrep Code, providing fast and accurate static analysis for C/C++ projects. The traditional methods of analyzing C/C++ code are slow and complex due to the need to compile the project first. Semgrep’s approach bypasses this by parsing source code before macro expansion, allowing for quick and efficient analysis without the need for a build step. By leveraging tree-sitter grammars, Semgrep can understand C/C++ code and preprocessor directives effectively. Despite some limitations in parsing complex macros or conditional compilation directives, Semgrep’s C/C++ support offers comprehensive coverage and speeds up the scanning process. The team behind Semgrep’s C/C++ support has worked tirelessly to bring a modern solution to C/C++ shops, reducing reliance on legacy tools and providing developers with accurate security analysis at the right time in their workflows.