Original Post: Expanding Semgrep Supply Chain into Dependency Intelligence and License Compliance
Semgrep has introduced two new features, Dependency Search and License Compliance, to extend its Supply Chain product. Dependency Search lets users query their entire codebase for any dependency at any version, returning current information about what is actually installed so that vulnerable versions can be found before an advisory forces the issue. License Compliance keeps shipped code free of dependencies under disallowed licenses: it can block a pull request that introduces such a license, or simply leave a comment on it. Together these features are meant to give users clearer insight into, and control over, their software dependencies, addressing the root causes of vulnerabilities and compliance problems rather than their symptoms. Semgrep continues to develop tools for supply chain security and invites users to try these new features.
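To make the two checks concrete, here is an added example of the same kind of analysis written for this page. It is not Semgrep's code and does not call Dependency Search or License Compliance; it parses a constructed npm lockfile in the package-lock.json v3 layout (which records each installed package's version and, usually, its license), flags installed versions that fall inside a constructed advisory range, and flags licenses outside an allowlist. Every package name, version, advisory ID and the allowlist are made up for the example, and a package with no license field is treated as a violation on purpose.

```python
import json
import re

# Constructed sample lockfile in the package-lock.json v3 layout
# (package names, versions and licenses are made up for this example).
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "0.1.0"},
        "node_modules/acme-utils": {"version": "1.2.5", "license": "MIT"},
        "node_modules/acme-logger": {"version": "2.0.0", "license": "GPL-3.0-only"},
        "node_modules/acme-crypto": {"version": "3.1.0", "license": "Apache-2.0"},
        # A nested (deduplicated-away) second copy lives under another package.
        "node_modules/acme-utils/node_modules/acme-strings": {"version": "0.9.1", "license": "MIT"},
        # No license field at all: the gate must not silently pass this.
        "node_modules/acme-orphan": {"version": "1.0.0"},
    },
})

# Constructed advisory list: hypothetical IDs and packages, not real CVEs.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "acme-utils", "vulnerable": ">=1.0.0,<1.3.0", "fixed": "1.3.0"},
    {"id": "EXAMPLE-0002", "name": "acme-crypto", "vulnerable": "<3.0.0", "fixed": "3.0.0"},
]

# Licenses the (hypothetical) organisation permits in shipped products.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
_CONSTRAINT_RE = re.compile(r"^(<=|>=|<|>|==)(.+)$")


def parse_version(text):
    """Return (major, minor, patch) for a semver-like string; pre-release tags are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x) for x in m.groups())


def satisfies(version, spec):
    """True if version meets every comma-separated constraint in spec, e.g. '>=1.0.0,<1.3.0'."""
    v = parse_version(version)
    for raw in spec.split(","):
        m = _CONSTRAINT_RE.match(raw.strip())
        if not m:
            raise ValueError(f"bad constraint: {raw!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {"<": v < bound, "<=": v <= bound, ">": v > bound,
              ">=": v >= bound, "==": v == bound}[op]
        if not ok:
            return False
    return True


def load_dependencies(lockfile_text):
    """Flatten every installed package, nested copies included, into name/version/license records."""
    data = json.loads(lockfile_text)
    deps = []
    for path, meta in data.get("packages", {}).items():
        if path == "":  # the root project itself, not a dependency
            continue
        # The name is whatever follows the last "node_modules/"; this keeps
        # nested copies and @scope/name packages intact.
        name = path.rsplit("node_modules/", 1)[-1]
        deps.append({"name": name, "version": meta["version"],
                     "license": meta.get("license", "UNKNOWN"), "path": path})
    return deps


def find_vulnerable(deps, advisories):
    """Dependency-search step: every installed copy whose version lies in an advisory's range."""
    hits = []
    for dep in deps:
        for adv in advisories:
            if adv["name"] == dep["name"] and satisfies(dep["version"], adv["vulnerable"]):
                hits.append({"path": dep["path"], "version": dep["version"],
                             "advisory": adv["id"], "fixed": adv["fixed"]})
    return hits


def find_license_violations(deps, allowed):
    """License-compliance step: anything outside the allowlist, with a missing license counted as a violation."""
    return [{"path": d["path"], "license": d["license"]} for d in deps if d["license"] not in allowed]


def review_lockfile(lockfile_text, advisories=SAMPLE_ADVISORIES, allowed=ALLOWED_LICENSES):
    """Combine both checks into one PR gate; 'block' plays the role of a failing status check."""
    deps = load_dependencies(lockfile_text)
    vulns = find_vulnerable(deps, advisories)
    licenses = find_license_violations(deps, allowed)
    return {"dependencies": len(deps), "vulnerable": vulns,
            "license_violations": licenses, "block": bool(vulns or licenses)}


if __name__ == "__main__":
    result = review_lockfile(SAMPLE_LOCKFILE)
    for hit in result["vulnerable"]:
        print(f"VULN    {hit['path']}@{hit['version']}: {hit['advisory']} (fixed in {hit['fixed']})")
    for v in result["license_violations"]:
        print(f"LICENSE {v['path']}: {v['license']} not in allowlist")
    print("BLOCK" if result["block"] else "OK")
```

Two design points carry over to any real implementation. First, walk the lockfile's flattened package list rather than the top-level manifest, because the vulnerable copy is often a nested transitive one that the manifest never names. Second, treat an absent license as a failure rather than a pass; a tool that only matches known-bad licenses would wave the unlabeled package through.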