Brendon Go

Semgrep Supply Chain helps you fix the security issues caused by your dependencies, but without flooding you with alerts. It scans your dependencies *and* your code, to determine when you're actually at risk because of a third party vulnerability.

A fast, open-source, code analysis tool that excels at expressing code standards — without complicated queries. Rules look just like code; no more wrestling with regexes. Includes 900+ rules and SaaS infra for use in your editor, at commit-time, or in CI.