Ensuring Supply Chain Security in C# Projects with Semgrep

Original Post: C# and Semgrep Supply Chain

Semgrep Supply Chain is an open-source dependency scanner designed to reduce false positives through reachability analysis. Since its launch nearly a year ago, it has been well-received by the security community, and it has notably helped organizations such as Thinkific reduce false positives by 85% or more. Support for C# (beta) and PHP (lockfile-only) has recently been added. For C#, it scans dependencies for reachable vulnerabilities and supports the widely used NuGet package manager; for PHP, it supports the Composer package manager with lockfile-only rules. Unlike most SCA tools, which report a vulnerability as soon as an affected package version appears in a lockfile, Semgrep Supply Chain reports a vulnerability as reachable only when the application code actually calls a vulnerable method of that open-source library. Additionally, the Semgrep platform can detect issues in an organization's own codebase via Semgrep Code (SAST) and identify accidentally committed secrets with Semgrep Secrets. Both Semgrep Code and Semgrep Supply Chain are available for free trials.
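To illustrate the difference between a lockfile-only finding and a reachability finding, here is an added example that is not Semgrep's code: it reads a constructed NuGet `packages.lock.json`, matches resolved versions against a constructed advisory list, and then checks whether the C# source actually calls the advisory's vulnerable method. The package names, versions, method names and the plain-text call match are all assumptions that stand in for Semgrep's real advisory data and semantic pattern matching.

```python
import json
import re

# Constructed NuGet lockfile (packages.lock.json shape), not from a real project.
LOCKFILE = json.dumps({
    "version": 1,
    "dependencies": {
        "net6.0": {
            "Example.Serializer": {"type": "Direct", "requested": "[2.1.0, )", "resolved": "2.1.0"},
            "Example.Logging": {"type": "Direct", "requested": "[1.0.0, )", "resolved": "1.0.0"},
        }
    },
})

# Constructed advisories: versions below fixed_in are affected; method is the vulnerable API.
ADVISORIES = [
    {"package": "Example.Serializer", "fixed_in": (2, 2, 0), "method": "DeserializeUntrusted"},
    {"package": "Example.Logging", "fixed_in": (1, 1, 0), "method": "FormatRaw"},
]

# Constructed C# source: only the serializer's vulnerable method is called.
CSHARP_SOURCE = """
using Example.Serializer;
using Example.Logging;

class Handler {
    void Run(string payload) {
        var obj = Serializer.DeserializeUntrusted(payload);
        Log.Write("done");
    }
}
"""

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def resolved_versions(lockfile_text):
    """Map each package in the lockfile to its resolved version tuple."""
    data = json.loads(lockfile_text)
    return {name: parse_version(entry["resolved"])
            for framework in data["dependencies"].values()
            for name, entry in framework.items()}

def scan(lockfile_text, source):
    """Lockfile-only step selects affected packages; reachability step checks for the call."""
    versions = resolved_versions(lockfile_text)
    findings = {}
    for adv in ADVISORIES:
        version = versions.get(adv["package"])
        if version is None or version >= adv["fixed_in"]:
            continue  # package absent or already on a fixed version
        call = r"\b" + re.escape(adv["method"]) + r"\s*\("
        findings[adv["package"]] = "reachable" if re.search(call, source) else "unreachable"
    return findings

if __name__ == "__main__":
    for package, status in scan(LOCKFILE, CSHARP_SOURCE).items():
        print(f"{package}: {status}")
```

Both packages are affected by lockfile version alone, but only `Example.Serializer` is reported as reachable; a lockfile-only scanner would flag both.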
