Log inSign up
Semgrep
2,472 posts
user avatar
Semgrep
@semgrep
A fast, open-source, static analysis tool for profoundly improving software security and reliability.
only on your local machine
semgrep.dev
Joined May 2019
204
Following
4,485
Followers

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Semgrep
    @semgrep
    May 15, 2025
    We're thrilled to announce our partnership with @Replit to bring you Secure Vibe Coding. Now you can scan, find, and fix vulnerabilities before you deploy — all in your browser. Code faster, code smarter, and ship with confidence. Why It Matters: 🔍 Real-time vulnerability
    84K
  • user avatar
    Semgrep
    @semgrep
    Oct 4, 2022
    🥳 Big news: we’re launching Semgrep Supply Chain to find reachable vulnerable dependencies in your code. We’ve seen teams struggle w/ dependency vulnerabilities and heard software composition analysis (SCA) tools are “false positive factories.” r2c.dev/blog/2022/intr… 🧵 1/4
    Learn more at semgrep.dev
    Semgrep App Security Platform | AI-assisted SAST, SCA and Secrets Detection
    From semgrep.dev
  • user avatar
    Semgrep
    @semgrep
    Mar 15, 2025
    🚨A very popular GitHub Action, tj-actions/changed-files, has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. If you’re using this action, we recommend you stop using it immediately. More here including how to
    semgrep.dev
    🚨 Popular GitHub Action tj-actions/changed-files is compromised
    Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.
    37K
  • user avatar
    Semgrep
    @semgrep
    Aug 4, 2023
    We are thrilled to announce that @wehackpurple is joining forces with Semgrep! Tanya Janca, @shehackspurple, has trained thousands of AppSec professionals and built an amazing community—with Semgrep she’ll continue that great work. Read more here:
    semgrep.dev
    Why We Hack Purple and I are joining Semgrep
    Why I'm choosing Semgrep, and what the future will hold for the AppSec Community.
    35K
  • user avatar
    Semgrep
    @semgrep
    Apr 18, 2023
    🥳 Big news today! We’ve raised $53M in Series C funding, led by @lightspeedvp and with the support of @felicis, @redpoint and @sequoia. More from our CEO, @0xine: semgrep.dev/blog/2023/seri…
    00:00
    32K
  • user avatar
    Semgrep
    @semgrep
    Oct 29, 2020
    ⭐ Semgrep just passed 2,000 GitHub stars, yay! 📣 Today we’re thrilled to introduce Semgrep Community and announce our Series A funding from @RedpointVC and @sequoia. 🙏 Thanks to all who’ve supported us along the way. We’re grateful and humbled. More:
    Learn more at semgrep.dev
    Semgrep App Security Platform | AI-assisted SAST, SCA and Secrets Detection
    From semgrep.dev
  • user avatar
    Semgrep
    @semgrep
    Jan 22, 2021
    🤔 How can you prove your web app doesn’t have XSS? 🤖 Check out these new cheat sheets for Django, Flask, Java/JSP, and Rails. Each includes a single Semgrep command to scan your code for XSS issues. 📓 Instructions on how to run them: r2c.dev/blog/2021/xss-…
  • user avatar
    Semgrep
    @semgrep
    Jul 8, 2025
    🔥 Semgrep is officially live on Cursor! You can now harness the power of @semgrep directly in your AI coding assistant, combining fast, accurate static analysis with LLMs to help developers ship code that’s secure from the start, fast. From securing code at leading AI
    11K
  • user avatar
    Semgrep
    @semgrep
    Sep 15, 2020
    In case you missed it — Hardcoded secrets, unverified tokens, and other common JWT mistakes: @ermil0v shares what he learned from bug-hunting 2,000 npm modules: r2c.dev/blog/2020/hard…
  • user avatar
    Semgrep
    @semgrep
    Jul 8, 2022
    Community member spotlight on.... Marco Ivaldi, aka @0xdea! We retweeted a blog post he wrote earlier this week on pen testing binaries with Semgrep, but he's also written a wealth of C++ rules (35!) to catch vulnerabilities: security.humanativaspa.it/semgrep-rulese… THANK YOU, @0xdea!! #cpp
  • user avatar
    Semgrep
    @semgrep
    Apr 4, 2023
    🤖 Semgrep: now augmented with AI We’re excited to announce the private beta of Semgrep Assistant. Learn how we're using GPT to reduce noise and auto-fix bugs, making it even easier to ship secure code quickly 🧵 go.semgrep.dev/3ZEJFCQ
    17K
  • user avatar
    Semgrep
    @semgrep
    Jun 16, 2023
    🗣Thanks to @RomainJufer, CSO of @avnu_fi, experimental support for Cairo 1.0 has been added to the Semgrep arsenal! Learn more about it here: go.semgrep.dev/3WPVeqT
    8.9K
  • user avatar
    Semgrep
    @semgrep
    Jun 22, 2021
    🆕 The full power of Semgrep is now available in GitLab! 🤝 Our collab with @gitlab makes Semgrep the GitLab SAST analyzer for JS/TS and Python (& more coming)! ➕ Discuss findings in merge requests, access the rule registry, and add custom rules. 👉 r2c.dev/blog/2021/intr…
  • user avatar
    Semgrep
    @semgrep
    Aug 6, 2020
    🤔 What if grep had types? Our intern, Emma, explored this and added type-awareness to Semgrep. Now you can find bugs and antipatterns or enforce best practices even more precisely:
    Learn more at semgrep.dev
    Semgrep App Security Platform | AI-assisted SAST, SCA and Secrets Detection
    From semgrep.dev