Original Post: Introducing DeepSemgrep
Semgrep has always focused on being a lightweight, fast tool for enforcing good coding practices, analyzing one file (and, within it, one function) at a time. To find more complex bugs, the Semgrep team has developed DeepSemgrep, which performs global analysis to improve accuracy without requiring a complete codebase. By analyzing across files and across procedures, using type inference, constant propagation and taint analysis, DeepSemgrep produces fewer false negatives and fewer false positives. It runs the same rules as Semgrep; the difference is that a rule's verdict is informed by what lies beyond the boundary of the single file being matched. DeepSemgrep is currently in private beta for the Team and Enterprise tiers, with a quick start guide. A project is analyzed globally by passing the --deep flag, which improves rule accuracy in cases such as resolving constants defined in another file, understanding class inheritance, and tracking taint across multiple files. The original post links to the documentation and to the beta sign-up.
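To make the cross-file constant propagation point concrete, here is an added illustration that is not Semgrep's or DeepSemgrep's code: a toy analyzer over Python's `ast` module that looks for a Flask app started with `debug=True`. The two sample files (a `settings.py` that defines `DEBUG` and an `app.py` that imports it and passes it to `app.run`), the `PROJECT` dictionaries, and the function names `check_debug_run` and `debug_findings` are all constructed for this example. The `deep` parameter stands in for the difference between single-file analysis and a project-wide pass such as the one enabled by `--deep`; it is not a Semgrep API.

```python
import ast

UNRESOLVED = None  # sentinel for "value not known to the analysis"

# Constructed sample project (not from Semgrep): a Flask app that takes its
# debug flag from a settings module. The risky setting lives in settings.py,
# the sensitive call lives in app.py.
PROJECT = {
    "settings.py": "DEBUG = True\nHOST = '0.0.0.0'\n",
    "app.py": (
        "from settings import DEBUG, HOST\n"
        "from flask import Flask\n"
        "app = Flask(__name__)\n"
        "app.run(host=HOST, debug=DEBUG)\n"
    ),
}

# The same app with production settings; a good rule must stay quiet here.
PROJECT_PROD = dict(PROJECT, **{"settings.py": "DEBUG = False\nHOST = '127.0.0.1'\n"})


def module_constants(source):
    """Top-level `NAME = <literal>` assignments of one file, as {name: value}."""
    consts = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and isinstance(node.value, ast.Constant)):
            consts[node.targets[0].id] = node.value.value
    return consts


def imported_names(source):
    """{local name: (module, original name)} for each `from X import Y [as Z]`."""
    imports = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                imports[alias.asname or alias.name] = (node.module, alias.name)
    return imports


def resolve_name(name, local_consts, imports, project_consts):
    """Resolve a bare name to a literal: first in this file, then in the file it was imported from."""
    if name in local_consts:
        return local_consts[name]
    if name in imports:
        module, original = imports[name]
        return project_consts.get(module, {}).get(original, UNRESOLVED)
    return UNRESOLVED


def check_debug_run(path, project, deep):
    """Find `<obj>.run(..., debug=<X>)` calls in `path` and report (lineno, value of X).

    deep=False mimics single-file analysis: only constants defined in `path` are visible.
    deep=True mimics project-wide constant propagation: the top-level constants of
    every file in `project` are visible through the file's imports.
    """
    source = project[path]
    local_consts = module_constants(source)
    imports = imported_names(source)
    project_consts = (
        {p.rsplit(".", 1)[0]: module_constants(s) for p, s in project.items()}
        if deep else {}
    )
    results = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            continue
        for kw in node.keywords:
            if kw.arg != "debug":
                continue
            if isinstance(kw.value, ast.Constant):
                value = kw.value.value
            elif isinstance(kw.value, ast.Name):
                value = resolve_name(kw.value.id, local_consts, imports, project_consts)
            else:
                value = UNRESOLVED
            results.append((node.lineno, value))
    return results


def debug_findings(path, project, deep):
    """Report only the call sites proven to run with debug=True."""
    return [lineno for lineno, value in check_debug_run(path, project, deep) if value is True]


if __name__ == "__main__":
    print("single-file:     ", check_debug_run("app.py", PROJECT, deep=False))      # [(4, None)]
    print("cross-file:      ", check_debug_run("app.py", PROJECT, deep=True))       # [(4, True)]
    print("prod, cross-file:", check_debug_run("app.py", PROJECT_PROD, deep=True))  # [(4, False)]
```

In single-file mode the value of `DEBUG` is unresolved, so a rule has to choose between staying silent (a false negative on the insecure project) and flagging every non-literal `debug=` argument (a false positive on the production project). With the other file's constants visible, the same rule returns a definite answer in both cases, which is the accuracy gain the post attributes to cross-file analysis.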