All activity
Semgrep combines static analysis and LLMs to ensure that both security teams and developers only deal with real security issues.
Semgrep AssistantYour AI Appsec Engineer
Bence Nagy (underyx)left a comment
Heya all, excited to show off what I've been privately calling an AI cybersecurity tool built by AI skeptics. Two years ago we started a series of experiments with this philosophy of identifying small pieces of cognitive work where a human can very clearly map out the input data they need and the algorithm they'd follow to make a decision. This idea came partly out of frustration with the...
Semgrep AssistantYour AI Appsec Engineer
Bence Nagy (underyx)left a comment
Heya! Very excited to share. This is our company's second product; which was built based on the pain points we heard the most, over and over again, from our existing customers and prospects: that dependency alerts are useless because they're so full of false positives. We've trialled a possible solution based on reachability analysis, and after checking in with some trial customers feel like...
Semgrep Supply ChainIt's time to ignore 98% of dependency alerts
Semgrep Supply Chain helps you fix the security issues caused by your dependencies, but without flooding you with alerts. It scans your dependencies *and* your code, to determine when you're actually at risk because of a third party vulnerability.
Semgrep Supply ChainIt's time to ignore 98% of dependency alerts