Original Post: Need for speed: static analysis version
Semgrep has achieved impressively fast scan times by prioritizing speed through techniques like taint summaries and OCaml-based tree matching. It focuses on syntax, which keeps scans quick: analysis is purely textual and confined to a single file, parsing can be partial, and optimizations skip files that cannot match.
Semgrep positions itself uniquely between syntactic and semantic realms, originally stemming from a tool at Facebook called sgrep. This foundational approach avoids the slow analysis of control flow and complex semantics, instead relying on swiftly parsing and matching code.
Its speed is further bolstered by being written in OCaml, a language well suited to taking tree structures apart. Additional enhancements include targeted file searches and moving some of the Python wrapper's logic into OCaml.
Despite advanced features like taint and dataflow analysis, Semgrep remains fast by limiting its scope to single files and leveraging taint summaries, which streamline the analysis by inferring potential taint propagation within functions.
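To make the idea of a per-function taint summary concrete, here is an added example (not code from the original post or from Semgrep itself) that computes, for every function in one file, which parameters can reach its return value. It uses Python's `ast` module, is intraprocedural and flow-insensitive, and the `SAMPLE` input is constructed for the demonstration.

```python
import ast

def _deps(expr: ast.AST, env: dict[str, set[str]]) -> set[str]:
    """Parameters an expression may depend on: union over every Name it reads."""
    return {p for n in ast.walk(expr) if isinstance(n, ast.Name) for p in env.get(n.id, ())}

def _bind(target: ast.AST, deps: set[str], env: dict[str, set[str]]) -> bool:
    """Merge deps into every Name inside an assignment/loop target; True if env grew."""
    names = [n.id for n in ast.walk(target) if isinstance(n, ast.Name)]
    grew = any(not deps <= env.get(k, set()) for k in names)
    for k in names:
        env[k] = env.get(k, set()) | deps
    return grew

def taint_summary(func: ast.FunctionDef) -> set[str]:
    """Params that can reach the return value (flow-insensitive, so it over-approximates)."""
    env: dict[str, set[str]] = {a.arg: {a.arg} for a in func.args.args}
    result: set[str] = set()
    changed = True
    while changed:  # iterate to a fixpoint so loops and reassignments settle
        changed = False
        for node in ast.walk(func):
            if isinstance(node, ast.Assign):
                d = _deps(node.value, env)
                changed |= any([_bind(t, d, env) for t in node.targets])
            elif isinstance(node, ast.AugAssign):  # x += y: x keeps old deps, gains y's
                changed |= _bind(node.target, _deps(node.value, env), env)
            elif isinstance(node, ast.For):  # loop variable derives from the iterable
                changed |= _bind(node.target, _deps(node.iter, env), env)
            elif isinstance(node, ast.Return) and node.value is not None:
                d = _deps(node.value, env)
                if not d <= result:
                    result |= d
                    changed = True
    return result

def summarize(source: str) -> dict[str, list[str]]:
    """Per-function summaries for one file: name -> sorted params reaching its return."""
    return {f.name: sorted(taint_summary(f))
            for f in ast.walk(ast.parse(source)) if isinstance(f, ast.FunctionDef)}

SAMPLE = '''def build_query(table, user_id):
    sql = "SELECT * FROM " + table
    sql += " WHERE id = " + str(user_id)
    return sql
def join_all(parts, sep):
    out = ""
    for p in parts:
        out = out + sep + p
    return out
'''  # constructed sample input, not code from the original post
```

A summary like `build_query -> [table, user_id]` is what lets a single-file engine treat a call to `build_query` as propagating taint from those arguments without re-analysing the body at every call site.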
Ultimately, Semgrep's design philosophy is to tackle only the problems it can solve quickly. That keeps scan times typically under 20 seconds, which lets it fit into developers' workflows and makes it a useful tool for both security engineers and developers.