Live Code Session - Semgrep and the future of Static Analysis

preview_player
Показать описание
I've fallen in love with an awesome tool recently. Its called semgrep. Semgrep is a lightweight static analysis tool for many languages. Along with Github's CodeQL, it is - in my opinion - the future of AppSec and DevSecOps. In this live stream, I talk about the potential for semgrep as a powerful too for Static Analysis (SAST).

Website

Services
Application Security Testing

Application Threat Modeling

Secure Code Review

Solutions
DevSecOps Solutions

Security Regression

Events

Blogs
  1. we45
Рекомендации по теме
Live Code Session 0:37:26

Live Code Session - Semgrep and the future of Static Analysis

Announcing Semgrep Code 0:03:33

Announcing Semgrep Code

Semgrep Code Tour 0:02:24

Semgrep Code Tour

Getting started with 0:04:50

Getting started with Semgrep's Visual Studio Code Extension

Scanning code with 0:04:58

Scanning code with Semgrep using GitHub Actions

How to integrate 0:04:02

How to integrate Semgrep with Github Enterprise

Semgrep Quick Start 0:02:19

Semgrep Quick Start Tutorial

Transforming code with 0:12:02

Transforming code with Semgrep autofixes

Semgrep Platform Overview 0:02:19

Semgrep Platform Overview

Automatic Code Review 0:38:59

Automatic Code Review with Semgrep

Semgrep Setup in 0:01:56

Semgrep Setup in 2 min (or less!)

Write your own 0:00:43

Write your own semgrep rule #semgrep #rule #shorts #short

Introduction to Semgrep 0:02:00

Introduction to Semgrep Assistant - AI-assisted triaging and autofixes for insecure code

Getting started with 0:03:05

Getting started with Semgrep Supply Chain

How to open 0:04:19

How to open a new feature request with Semgrep

Semgrep Pro Engine 0:02:31

Semgrep Pro Engine Tour

Semgrep: Integration into 0:20:09

Semgrep: Integration into CI Final Comments & Questions

Using Semgrep and 0:10:41

Using Semgrep and Jenkins for Static Code Analysis

Semgrep: The Power 0:22:56

Semgrep: The Power of Secure Defaults

SAST yourcode (in 1:24:10

SAST yourcode (in CLI, webapp and VSCode) w/ grep ... Semgrep [en,yt,zoom]

r2c meetup: Writing 1:05:21

r2c meetup: Writing Semgrep rules for security, correctness, performance, and more

Semgrep Summer 2021 0:43:21

Semgrep Summer 2021 Meetup

The Rules: An 1:50:09

The Rules: An Interactive Rule Writing Session

Semgrep 101 1:06:33

Semgrep 101

Комментарии
Автор

Keep up the great videos! I really like how you wrote the code then ran the tool using the code you wrote. Great Content!

jonmagee
Автор

04:02 SAST 05:51 AST 08:40 bandit, brakeman, AST tools 09:59 semmle 11:50 semgrep 14:38 some python code

domaincontroller
Автор

Can you run semgrep to scan a directory of python codes just like how other SAST tools? This seems like a complicated SAST as you need to build different rules and patter for each vulnerabilities.

gene