A fast, open-source, code analysis tool that excels at expressing code standards — without complicated queries. Rules look just like code; no more wrestling with regexes. Includes 900+ rules and SaaS infra for use in your editor, at commit-time, or in CI.
Maker
Heya all! Excited for my first post here after lurking for 4-5 years! I joined the team behind Semgrep (called r2c; bonus points for anyone who gets the reference) around half a year ago because I saw they were on the right track to overhaul the code analysis landscape.
My personal highlights of Semgrep are:
• You write code to search code: `print("hi world")` can be found with the pattern `print(...)`
• We're collating much of the world's security know-how with the 900+ Semgrep rules we gathered from the community in a GitHub repo: https://github.com/returntocorp/...
Happy to answer questions here or on our community Slack! You can join that via https://r2c.dev/slack
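To show what "writing code to search code" looks like beyond the one-line `print(...)` pattern, here is an added example rule (not from the post above or the Semgrep rule registry; the rule id, the regex of function names and the sample lines in the comments are assumptions) that uses the `...` ellipsis, metavariables and `pattern-not` to flag `subprocess` calls run through a shell with a non-literal command:

```yaml
rules:
  - id: subprocess-shell-true-nonliteral   # assumed id, not a registry rule
    languages: [python]
    severity: WARNING
    message: >-
      $FUNC is called with shell=True and a non-literal command ($CMD).
      If $CMD carries user input this is a command-injection sink; pass an
      argument list and drop shell=True.
    patterns:
      # `...` matches any number of other arguments, in any position,
      # so shell=True can be anywhere in the call.
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # Bind the first argument to the metavariable $CMD so the message
      # can name it; both `pattern` clauses must match the same call.
      - pattern: subprocess.$FUNC($CMD, ...)
      # Constrain $FUNC to the subprocess entry points that take shell=.
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(run|call|check_call|check_output|Popen)$
      # A bare string literal ("..." matches any string literal) is a
      # fixed command, not an injection sink, so exclude it.
      - pattern-not: subprocess.$FUNC("...", ...)

# Constructed sample lines for the rule above (how each one is treated):
#   subprocess.run(cmd, shell=True)                      -> reported
#   subprocess.Popen("ls " + path, shell=True, cwd="/")  -> reported
#   subprocess.check_output(args, shell=True)            -> reported
#   subprocess.run("ls -l", shell=True)                  -> literal, skipped
#   subprocess.run(cmd)                                  -> no shell=True, skipped
```

Run it with `semgrep --config rule.yaml target.py`; the sample lines in the comments are constructed inputs, not output from the tool.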