Original Post: Announcing Semgrep's general availability support of PHP
Semgrep has announced full support for PHP, with over 40 PHP rules in its Registry and a PHP parse rate exceeding 99.9%. This achievement is largely credited to external contributor Sjoerd Langkemper, who played a crucial role in adding PHP support to Semgrep and previously contributed to C# support. Sjoerd also developed Registry rules for detecting SQL injection in Laravel.
Additionally, Federico Dotta has shared Semgrep rules for PHP security assessments, focusing on SQL injection, Cross-Site Scripting, and authorization bypass.
To utilize these updates, users can:
- Integrate Semgrep with their GitHub or GitLab projects for automatic scans during pull or merge requests.
- Use the command line by upgrading to Semgrep v0.99.0 or higher and running `semgrep --config=auto` to scan PHP code.