Semgrep
@semgrep
Followers: 4K · Following: 671 · Media: 1K · Statuses: 2K
A fast, open-source, static analysis tool for profoundly improving software security and reliability.
only on your local machine
Joined May 2019
Read the complete blog and grab our free whitepaper👇 https://t.co/4wxaL4NDIz
semgrep.dev
Explore how different levels of reachability analysis impact vulnerability accuracy in Software Composition Analysis. Learn how dependency, function, and dataflow insights help AppSec teams cut false...
Why this matters for your team: 🌀For Developers: It eliminates "false alarm" friction. You only get alerted when a vulnerability is truly exploitable, allowing you to spend more time shipping features and less time chasing ghosts. 🌀For Security Teams: It provides a clear
Reachability Analysis. Reachability is the process of determining whether a known vulnerable function in a third-party package is actually reachable by your application code. It moves beyond basic version checking by analyzing three critical layers: - Dependency reachability:
Most security and development teams face the same frustrating problem: a mountain of vulnerability alerts, most of which have zero impact on the actual security of their application. Traditional SCA tools simply check version numbers in manifest files; they don't know if your
Product Engineers are asked to do two jobs: define the roadmap and build the product. To survive, the answer is often "vibe coding" with platforms like Replit, Lovable, and Bolt. With these tools, anyone can prototype and ship software without ever leaving their browser. The
Will AI-generated code be secure by default in 2026? Here is our take. #AppSec #AI #CyberSecurity #DevSecOps
"Shift Left" is often just a nice way of saying "Shift Blame." For years, the strategy has been simple: move security scans earlier in the pipeline. The result? We just moved the bottleneck. Instead of security engineers drowning in alerts, now developers are. It’s time to
Why do most AI agents struggle to find real vulnerabilities? It’s a context problem. Most generic LLMs operate on snippets or general patterns. They don't truly "know" your codebase, leading to misinformed and generic advice. Semgrep is different. Because we sit within the
Last chance to join us! ⏰ Tomorrow at 9:00 AM PT, grab your coffee and tune in for a live, no-slides, no-scripts conversation on the ideas shaping (and shaking up) cybersecurity in 2026. @InsiderPhD (@semgrep) and @AubreyKingF5 (@F5) will go head-to-head on the industry’s
For startups, speed is survival. But security debt is an anchor. According to NIST, fixing a vulnerability in production is roughly 30x more expensive than fixing it during development. For a lean team, avoiding this "production tax" isn't just about saving money. It's about
We believe the best way to prevent secret leaks isn't faster remediation, it's stopping them at the source during development. Asking developers to "be more careful" doesn't work. Providing tools that catch mistakes in real-time does. That is why Semgrep Secrets is designed to
Consider updating React and Next dependencies again. Last week the React Blog released patches for React2Shell which made many applications vulnerable to Unauthenticated Remote Code Execution (RCE). The React team has since followed up with two more vulnerability discoveries:
That’s a wrap on Black Hat Europe 🇬🇧 Huge thank you to everyone who stopped by Booth #816 and to everyone who joined us at our events, Security Sundowners on the Sunborn Yacht and THE CUBE Experience. It was awesome to see so many familiar faces and to meet a bunch of new ones.
Should developers really have to be security experts? We believe the answer is no. Organizations hire developers to solve complex business problems, innovate, and ship features at speed. Then, they ask them to also be experts in cryptography, the OWASP Top 10, and supply chain
Security teams are navigating rapid change: AI adoption, shifting developer expectations, tighter budgets, and constant pressure to do more with less. On December 16th at 9:00 AM PT, join @InsiderPhD (@semgrep) and @AubreyKingF5 (@F5) for a live, unscripted session where they
Huge thank you to everyone who joined us for Security Sundowners on the Sunborn Yacht last night 🛥️🍸 And a big shoutout to our partners who helped make it happen: @tines_hq, @cyera_io, @sublime_sec, and @zenitysec 🙌 Still in town tonight? Join us for one more adventure: THE
Ready to shape the future of AppSec? We are hiring across Engineering, Sales, and Marketing! Come build with us. 🌀See our open roles: https://t.co/LJaYvifG6r
Black Hat Europe is in full swing, and we’re live at booth #816 with great conversations happening all day 🙌 Come say hi to the Semgrep team to see how our AI-driven AppSec platform helps dev and security teams fix vulnerabilities earlier, reduce noise, and accelerate release