#semgrep — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #semgrep, aggregated by home.social.
-
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
-
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
-
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
-
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
-
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
-
Как мы профукали базу клиента и научились безопасности
Больше восьми лет я работал backend‑разработчиком. Мы создавали веб‑приложения для автоматизации логистики и закупок. Команда росла, процессы крепли. Всё было правильно и красиво: CI/CD, код‑ревью, споры о чистоте архитектуры и идеальном нейминге. Мир был прост, предсказуем и казалось, что так будет всегда. Но однажды утром всё изменилось. Что же случилось?
-
Как мы профукали базу клиента и научились безопасности
Больше восьми лет я работал backend‑разработчиком. Мы создавали веб‑приложения для автоматизации логистики и закупок. Команда росла, процессы крепли. Всё было правильно и красиво: CI/CD, код‑ревью, споры о чистоте архитектуры и идеальном нейминге. Мир был прост, предсказуем и казалось, что так будет всегда. Но однажды утром всё изменилось. Что же случилось?
-
Как мы профукали базу клиента и научились безопасности
Больше восьми лет я работал backend‑разработчиком. Мы создавали веб‑приложения для автоматизации логистики и закупок. Команда росла, процессы крепли. Всё было правильно и красиво: CI/CD, код‑ревью, споры о чистоте архитектуры и идеальном нейминге. Мир был прост, предсказуем и казалось, что так будет всегда. Но однажды утром всё изменилось. Что же случилось?
-
Как мы профукали базу клиента и научились безопасности
Больше восьми лет я работал backend‑разработчиком. Мы создавали веб‑приложения для автоматизации логистики и закупок. Команда росла, процессы крепли. Всё было правильно и красиво: CI/CD, код‑ревью, споры о чистоте архитектуры и идеальном нейминге. Мир был прост, предсказуем и казалось, что так будет всегда. Но однажды утром всё изменилось. Что же случилось?
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4ipiK6
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4ipiK6
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4ipiK6
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4ipiK6
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4ipiK6
@KimWuyts #privacy #threatmodeling
-
⏰ 2 days left! Submit your CtF level for a shot at $500 worth of Semgrep prizes at AppSec Village, @defcon 33.
Enter by Aug 3: https://appsecvillage.com/ctf
#defcon33 #ctf #semgrep #appsec #sponsors #win #challenge #capturetheflag
-
⏰ 2 days left! Submit your CtF level for a shot at $500 worth of Semgrep prizes at AppSec Village, @defcon 33.
Enter by Aug 3: https://appsecvillage.com/ctf
#defcon33 #ctf #semgrep #appsec #sponsors #win #challenge #capturetheflag
-
⏰ 2 days left! Submit your CtF level for a shot at $500 worth of Semgrep prizes at AppSec Village, @defcon 33.
Enter by Aug 3: https://appsecvillage.com/ctf
#defcon33 #ctf #semgrep #appsec #sponsors #win #challenge #capturetheflag
-
⏰ 2 days left! Submit your CtF level for a shot at $500 worth of Semgrep prizes at AppSec Village, @defcon 33.
Enter by Aug 3: https://appsecvillage.com/ctf
#defcon33 #ctf #semgrep #appsec #sponsors #win #challenge #capturetheflag
-
#Semgrep static analysis tool for #code scanning at ludicrous speed 🔍
🔍 Supports 30+ languages including #Python #JavaScript #Java #Go #C #Rust #TypeScript #php and more
🛡️ Finds bugs, enforces #security guardrails and coding standards with semantic pattern matching
⚡ Runs locally by default - code never uploaded, works in #IDE, pre-commit hooks & #CI/CD workflows
🤖 #AI-powered #SemgrepAssistant provides intelligent triaging and step-by-step remediation guidance
🧵 👇
-
#Semgrep static analysis tool for #code scanning at ludicrous speed 🔍
🔍 Supports 30+ languages including #Python #JavaScript #Java #Go #C #Rust #TypeScript #php and more
🛡️ Finds bugs, enforces #security guardrails and coding standards with semantic pattern matching
⚡ Runs locally by default - code never uploaded, works in #IDE, pre-commit hooks & #CI/CD workflows
🤖 #AI-powered #SemgrepAssistant provides intelligent triaging and step-by-step remediation guidance
🧵 👇
-
#Semgrep static analysis tool for #code scanning at ludicrous speed 🔍
🔍 Supports 30+ languages including #Python #JavaScript #Java #Go #C #Rust #TypeScript #php and more
🛡️ Finds bugs, enforces #security guardrails and coding standards with semantic pattern matching
⚡ Runs locally by default - code never uploaded, works in #IDE, pre-commit hooks & #CI/CD workflows
🤖 #AI-powered #SemgrepAssistant provides intelligent triaging and step-by-step remediation guidance
🧵 👇
-
#Semgrep static analysis tool for #code scanning at ludicrous speed 🔍
🔍 Supports 30+ languages including #Python #JavaScript #Java #Go #C #Rust #TypeScript #php and more
🛡️ Finds bugs, enforces #security guardrails and coding standards with semantic pattern matching
⚡ Runs locally by default - code never uploaded, works in #IDE, pre-commit hooks & #CI/CD workflows
🤖 #AI-powered #SemgrepAssistant provides intelligent triaging and step-by-step remediation guidance
🧵 👇
-
#Semgrep static analysis tool for #code scanning at ludicrous speed 🔍
🔍 Supports 30+ languages including #Python #JavaScript #Java #Go #C #Rust #TypeScript #php and more
🛡️ Finds bugs, enforces #security guardrails and coding standards with semantic pattern matching
⚡ Runs locally by default - code never uploaded, works in #IDE, pre-commit hooks & #CI/CD workflows
🤖 #AI-powered #SemgrepAssistant provides intelligent triaging and step-by-step remediation guidance
🧵 👇
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4inxqU
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4inxqU
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4inxqU
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4inxqU
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4inxqU
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4io15f
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4io15f
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4io15f
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4io15f
@KimWuyts #privacy #threatmodeling
-
I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!
Watch us here: https://twp.ai/4io15f
@KimWuyts #privacy #threatmodeling
-
GitLab CI-CD semgrep SAST (Static Application Security Test) configuration example; blocks the MR if there is any finding.
-
GitLab CI-CD semgrep SAST (Static Application Security Test) configuration example; blocks the MR if there is any finding.
-
GitLab CI-CD semgrep SAST (Static Application Security Test) configuration example; blocks the MR if there is any finding.
-
One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.
Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be the about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
#SemGrep #Coverity #StaticAnalysis #Programming #C -
One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.
Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be the about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
#SemGrep #Coverity #StaticAnalysis #Programming #C -
One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.
Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be the about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
#SemGrep #Coverity #StaticAnalysis #Programming #C -
One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.
Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be the about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
#SemGrep #Coverity #StaticAnalysis #Programming #C