30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more

By Matt Schwager and Sam Alws

We are publishing a set of 30 custom Semgrep rules for Ansible playbooks, Java/Kotlin code, shell scripts, and Docker Compose configuration files. These rules were created ...

How to introduce Semgrep to your organization

By Maciej Domanski, Application Security Engineer

Semgrep, a static analysis tool for finding bugs and specific code patterns in more than 30 languages, is set apart by its ease of use, many ...

App Security: Tanya Janca Unveils Trends & Tackles Challenges | Expert Insights & Strategies 🛡️

Application Security Trends & Challenges with Tanya Janca

In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since ...

Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora

We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...

Secure your Apollo GraphQL server with Semgrep

By Vasco Franco

tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server. Try them out with semgrep --config ...