semgrep

Semgrep is a fast, open-source, static analysis tool for modern languages. With 2,000+ existing rules and simple-to-create custom ones, it finds the bugs that matter.

Semgrep can run anywhere: in CI, your editor, or the command-line. Plus, with dedicated infrastructure from Semgrep, it’s easy to deploy, manage, and monitor Semgrep at scale.

CamoLeak and the Hidden Risks of Prompt Injection in AI Tools
CamoLeak and the Hidden Risks of Prompt Injection in AI Tools
Getting Started with Semgrep Managed Scans
Getting Started with Semgrep Managed Scans
Why context matters for LLMs when writing code
Why context matters for LLMs when writing code
Example of hallucinated dependencies
Example of hallucinated dependencies
Lack of trust amongst developers
Lack of trust amongst developers
4 principles for securing AI generated code
4 principles for securing AI generated code
Embed security checks early and often
Embed security checks early and often
Enforce secure coding guardrails
Enforce secure coding guardrails
Go on the offensive with AI
Go on the offensive with AI
MCP
MCP
Semgrep MCP
Semgrep MCP
Demo pt 1
Demo pt 1
Demo pt 2
Demo pt 2
Demo pt 3
Demo pt 3
Intro
Intro
Security Concerns around AI generated code
Security Concerns around AI generated code
Common risk patterns in AI generated code
Common risk patterns in AI generated code
LLMs mimic insecure patterns in existing codebase
LLMs mimic insecure patterns in existing codebase
Imagine Zero False Positive AppSec
Imagine Zero False Positive AppSec
See What We’re Unveiling at Black Hat—Before Anyone Else
See What We’re Unveiling at Black Hat—Before Anyone Else
Artificial Risks: AI, Games, and Threats
Artificial Risks: AI, Games, and Threats
Scaling SAST with AI – How esure Built Secure Development at Speed
Scaling SAST with AI – How esure Built Secure Development at Speed
Privacy by Design: Making Threat Modeling Work for Data Protection
Privacy by Design: Making Threat Modeling Work for Data Protection
Real-World AppSec: What Actually Works in Practice
Real-World AppSec: What Actually Works in Practice
EMEA: New Features – AI-powered Memories & Enterprise-ready Scanning
EMEA: New Features – AI-powered Memories & Enterprise-ready Scanning
The End of Static Security: How Context-Aware AI Is Changing SAST Forever
The End of Static Security: How Context-Aware AI Is Changing SAST Forever
Common Vulnerabilities in GitHub Actions - And How to Protect Against Them
Common Vulnerabilities in GitHub Actions - And How to Protect Against Them
Empower Your Builders: A Fireside Chat on Practical AppSec
Empower Your Builders: A Fireside Chat on Practical AppSec
Semgrep Spring '25 Release Highlights
Semgrep Spring '25 Release Highlights
Vibe Coding, But Make it Safe
Vibe Coding, But Make it Safe