Original Post: Semgrep's May 2022 updates
This post summarizes recent significant updates to Semgrep, an open-source static analysis tool for identifying bugs and enforcing code standards. Semgrep follows a weekly release cadence. Key new features include:
- DeepSemgrep (Private Beta): An advanced extension providing more accurate results through cross-file analysis for Java and Ruby, reducing false negatives and positives.
- New Playground: Updated to align with the Editor, it offers a more intuitive rule-writing interface, supports side-by-side rule and code viewing, and facilitates rule sharing and saving.
- GitHub Enterprise & GitLab Self-Managed Support: Semgrep can now leave pull/merge request comments on these platforms, enhancing security issue tracking.
Additional features include an Autofix option for automatic code fixes directly within GitHub/GitLab, and a default experimental ruleset for optimal results out of the box. The post emphasizes the importance of Semgrep in modern security programs and invites users to join the private beta for DeepSemgrep and to learn about deploying Semgrep in enterprise scenarios.