Oliver Kopitz @Oliver_Semgrep

Additional new npm packages were compromised yesterday, this time using secret scanning tools themselves in a post install script to gather and exfiltrate credentials. The Shai Hulud worm works similar to the Nx attack, but can potentially cascade additional compromised packages…

🚨 60% of SAST Findings — Gone Before You Ever See Them This year, Semgrep Assistant has been automatically triaging ~60% of SAST findings for our customers. When teams audit its decisions, they agree over 96% of the time. 🔑 Why this matters: 1️⃣ Most security teams spend half…

A cryptostealer malware was pushed to a number of npm packages including debug, chalk , and a number of utility packages as a result of the compromise of a single contributor. While many of these packages were quickly removed from npm before they were downloaded, we have…

🚀 Vibe coding is here and it’s transforming how software gets built. AI copilots and natural language prompts turn ideas into deployed code in minutes. But with speed comes risk: is the code secure? That’s where Semgrep comes in. We are the #1 AppSec platform for vibe coding,…

Thousands of developers have been impacted by the nx supply chain attack. This blog is your playbook: how to check if your org is compromised, what to fix, and how to stay protected. We break down the incident timeline, share detection rules you can run immediately, and outline…

🚀 Scaling AppSec with a small team? Wealthsimple shows how it’s done! With just 5 security engineers supporting 400+ developers, Semgrep’s AI-powered analysis and 12 active Memories helped them: ✅ Analyze 630+ findings ✅ Cut false positives by 62% (397 avoided) ✅ Prevent 38…

🚀 There’s still time to save your seat! Join Milan Williams, Andy Huang, and Randall Westbrook tomorrow, August 27th at 10AM PT, for the Semgrep Summer ‘25 Release Webinar 🌞 Get the first look at: 🔹 Assistant Memories GA 🔹 Industry’s first reachability analysis for PHP 🔹…

Semgrep Summer ’25 Release Highlights! ☀️ Join Randall Westbrook on August 27th at 10AM PT for our live Summer Release Webinar to see what’s new: 🔹 Assistant Memories GA 🔹 Industry’s first PHP reachability analysis 🔹 Powerful new Semgrep platform features 🔹 Roadmap sneak…

As another Hacker Summer Camp rolls around, it seems all anyone could talk about is AI, and with how quickly it’s touched every industry, including software, it’s focus at the biggest security event of the year is perhaps not surprising. However, one element of the AI tech stack…

📢 The July release notes are live! 📢 We're pleased to announce the following updates (and more!) to Semgrep: 🔷 Support for running Semgrep natively on Windows is now in public beta. This applies to running Semgrep through the CLI and an IDE such as Cursor, VS Code, and…

That’s a wrap on Black Hat 2025 🎤 From code-to-cloud demos and book signings to scavenger hunts, speaking sessions, and packed parties—we’ve loved every minute of it. Huge thank you to everyone who joined us last night at our Ice Bar and Level Up events. It was a blast…

keyboard_arrow_left Previous keyboard_arrow_right Next

We’re back at booth #5221 and still going strong! 🚀 Catch our joint sessions with: 🔹Sysdig @ 11:30 am 🔹Palo Alto Networks @ 12:30 pm 👋Meet @clintgibler from 1:00–2:30 pm 📚Book signing with @shehackspurple @ 2:30 pm Still time to join the fun—swing by before 4:00 pm!…

keyboard_arrow_left Previous keyboard_arrow_right Next

🙌 You showed up and brought the energy! Thank you to everyone who stopped by booth #5221 today for the book signings, swag, demos, and great conversations. We’re just getting started. Don't forget to download our HSC Top 10 scavenger hunt (inspired by the OWASP Top 10): 🕵️…

keyboard_arrow_left Previous keyboard_arrow_right Next

🔥 Live today at booth #5221: ✅ Custom demos 📚 @shehackspurple book signing at 12 PM 🎩 Actual black hats so you can hit the conference floor in style We’re showing how Semgrep helps teams fix vulns faster, cut AppSec backlogs, and save devs serious time—up to 30 minutes per…

keyboard_arrow_left Previous keyboard_arrow_right Next

The Semgrep team has officially touched down in Vegas for #HackerSummerCamp! 🎲🌆 We’re here all week with book signings, hands-on demos, exclusive swag, and can’t-miss events — plus our HSC Top 10 Scavenger Hunt 🕵️ inspired by the OWASP Top 10. Download it and play along:…

🎉 Last chance to join @semgrep for our AppSec party at Meow Wolf’s Omega Mart! Skip the lines and tourists and enjoy private access to this mind-bending immersive installation 🌀✨ Event is free to attend and open for your colleagues to join you! 🙌 🔗 Save your spot here →…

🚨 Big news! Semgrep is excited to announce our latest partnership with Palo Alto Networks. Unify code to cloud insights and accelerate secure development with @PaloAltoNtwks’ Cortex Cloud and @semgrep. 📍 Learn more at our joint demo at Black Hat Booth #3240 on Wednesday…

💡Some of our best product insights come from relationships we’ve built within the security community. We love spending time with the Semgrep community! We’re excited to be hosting events for the AppSec community in an ⚛️ interdimensional grocery store, 🚜 adult sandbox,  🧊 ice…

One of the things we love most about Hacker Summer Camp is watching our talented security experts deliver talks to the community! 🔥 We’re lucky to work with such a talented crew– be sure to check out one of their sessions if you’re in town. Speaker line-up in thread below,…

We’re excited to announce our partnership with @sysdig to bring code-to-cloud context into both the Semgrep and Sysdig platforms. Our bi-directional integration closes the loop between static analysis and real-time runtime risk, bringing context into both platforms. Now you…