Drew Dennison
@drewdennison
Followers
1,350
Following
5,319
Media
7
Statuses
255
Cofounder @semgrep . Prev: @palantirtech @MIT
Joined December 2008
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Namorados
• 368884 Tweets
HAPPY ANNIVERSARY BTS
• 362372 Tweets
Congreso
• 313059 Tweets
Elon
• 261553 Tweets
Ciotti
• 221160 Tweets
Jerry West
• 155709 Tweets
Nigel
• 119563 Tweets
$COOKIE
• 96464 Tweets
The Logo
• 88207 Tweets
Happy 11th
• 82558 Tweets
Zemmour
• 71265 Tweets
Rohit
• 61657 Tweets
Kohli
• 59371 Tweets
Jamundí
• 55536 Tweets
Polis
• 54910 Tweets
LIKES ARE PRIVATE NOW
• 45898 Tweets
Mancuso
• 43627 Tweets
Virat
• 42645 Tweets
Powell
• 42516 Tweets
欄非公開
• 34653 Tweets
#BattleForNo10
• 22715 Tweets
Bullrich
• 19515 Tweets
Super 8
• 19225 Tweets
TRES DE FEBRERO IS COMING
• 16441 Tweets
Lia Thomas
• 15250 Tweets
Dube
• 13163 Tweets
Thiago Motta
• 13114 Tweets
Bookmarks
• 12721 Tweets
Inter Miami
• 12241 Tweets
Amazing work by the team to harness the powerful
@semgrep
code analysis engine to bring secret detection and validation to our customers 🤫
📢 The Secret’s out! We’re thrilled to share that Semgrep Secrets is available for Public Beta today! Secrets leverages Semantic Analysis in addition to regex and entropy-based validation to detect secrets with high precision.
Learn more →
0
4
13
1
2
26
.
@shehackspurple
welcome to the team! Super excited by your vision of AppSec excellence
We are thrilled to announce that
@wehackpurple
is joining forces with Semgrep!
Tanya Janca,
@shehackspurple
, has trained thousands of AppSec professionals and built an amazing community—with Semgrep she’ll continue that great work.
Read more here:
8
15
80
2
3
17
Wrote React code today and our team has
@semgrep
running on every pull request with some custom rules our frontend lead wrote. Incredible context about how to refactor the code to meet my team's coding best practices
2
2
20
1
0
6
Stoked for this partnership!
@jyotibansalsf
was one of the first coffee chats
@0xine
and I had prior to founding Semgrep and it’s an honor to work together to bring security to the best developer platform
🎯 Seamless integration alert! Now,
@HarnessIO
users can effortlessly incorporate Semgrep's SAST solutions into their workflows, enhancing code security and accelerating development cycles. Read the details here:
1
1
4
1
2
11
@IanColdwater
Looking for Staff Frontend Engineers. DM me or hiring
@r2c
.dev to come work on
@semgrep
0
1
6
Amazing to see the rapid iteration of the team on this
🤖 Semgrep: now augmented with AI
We’re excited to announce the private beta of Semgrep Assistant. Learn how we're using GPT to reduce noise and auto-fix bugs, making it even easier to ship secure code quickly 🧵
3
17
50
0
1
8
@HellaSecure
thanks for the invite to present! I had a lot of fun talking about Link to my slides for those interested:
#HellaConf
@r2cdev
1
3
8
This is a startup to watch
🚀 APIs help things go faster
🤯 BUT APIs also cause an ever-spiraling web of dependencies
At Akita, we're cleaning up the API dependency graph--using some out-there applications of PL that turn out to actually work.
Would love to hear your thoughts!
4
10
29
0
1
7
@HellaSecure
Oh man, Semgrep has come so far (including a new name!) since my talk at HellaConf 2020
0
0
4
@rsoesemann
@nawforce
@semgrep
@kylekyle
@CopadoSolutions
Apex is almost ready in
@semgrep
! Would love help testing the parser on actual code
4
0
7
Thanks for hosting me.
Watch the first part of yesterday meetup!
Guardrails for common security mistakes in Python web apps by Drew Dennison
@drewdennison
0
3
7
0
0
6
Super excited for the launch of Semgrep Academy 🙌
0
0
6
Fascinating how brittle software is that array[256] instead of 255 can bring down the entire system UI
According to developers
@luca020400
and BadDaemon, here is why the bug occurs:
The image is encoded in the "Google/Skia/E3CADAB7BD3DE5E3436874D2A9DEE126" color space (that's the full name of the color space - Skia is the name of a 2D graphics library made by Google)...
3
3
19
0
0
5
@dimsuz
Kotlin is in the works (Semgrep maintainer here). We have JSON and I suppose XML wouldn’t be too hard at least for the sane parts of the spec
1
0
5
Congrats on the new release!
Releasing
njsscan, a cli SAST tool that finds insecure code in Node.js apps.
Powered by Semantic Grep from
@r2cdev
libsast, a generic SAST library for writing your own static analyzer.
#nodejs
#devsecops
#javascript
#appsec
2
41
88
0
2
4
Looking forward to it!
In May 28th's OWASP OC
@owaspoc
meeting we are virtually bringing you 2 presentations: "Guardrails for common security mistakes in Python web apps" by
@drewdennison
and "Yes, you too can break crypto: Exploiting common crypto mistakes" by
@kojenov
0
1
6
0
0
4
@anantshri
@DaghanAltas
@bnchandrapal
@semgrep
Semgrep maintainer here. Semgrep is completely open-source (LGPL - think Linux). We also have ~1100 rules in a git repo that is Commons Clause license which means you can use the rules commercially but can’t resell them without attribution and permission 😊
0
1
4
Excited to share what we've been up to at
@r2cdev
. A big thanks to everyone who has helped and inspired us on this journey 🙏
⭐ Semgrep just passed 2,000 GitHub stars, yay!
📣 Today we’re thrilled to introduce Semgrep Community and announce our Series A funding from
@redpointvc
and
@sequoia
.
🙏 Thanks to all who’ve supported us along the way. We’re grateful and humbled.
More:
1
19
67
0
0
3
An amazing intern project!
🤔 What if grep had types?
Our intern, Emma, explored this and added type-awareness to Semgrep. Now you can find bugs and antipatterns or enforce best practices even more precisely:
0
13
38
0
0
4
Abhay is great. Recommend his training
OWASP Santa Barbara has teamed up with
@we45
's founder
@abhaybhargav
to bring you a hands-on workshop on security testing automation using
@zaproxy
and other dynamic scanning tools. Topics include context-awareness, authN, SPAs, APIs, CI/CD integration.
2
9
11
0
1
4
1
0
3
.
@gdb
the Semgrep team is very impressed by gpt-4o’s performance on understanding code. Incredible progress
0
0
2
@snyff
Not just speed of running, speed to iterate on false positives. Incidentally last night
@yoann_padioleau
investigated a perf bug in semgrep where the runtime was 3 mins - now 3.2s.
0
0
3
0
0
2
@anantshri
@DaghanAltas
@bnchandrapal
@semgrep
To answer your question explicitly, yes an organization can run it on an internal instance and yes you can run it locally as both independent person and a commercial company 👍
1
0
3
We’re excited to have you onboard!
0
0
3
2
0
3
@deskriders_twt
@semgrep
Pro-tip: you can do ['--config', 'p/python', '--config', 'p/bandit', … to avoid the 2 startup costs with 2 invocations
0
0
3
@Darkarnium
@DanHatesNumbers
@dcuthbert
Glad you found SARIF. We're big fans of community standards!
0
0
3
.
@clintgibler
with autofix demo!
On Sunday's show,
@clintgibler
showed us how
@r2cdev
's Semgrep "autofixes" code that doesn't use approved secret services... Minds were blown! 🤯😆
Check out the full "extended" show here:
2
3
31
0
0
2
Very excited to share what we've been working on this year!
0
0
1
@lightspeedvp
@semgrep
@0xine
@dlukeomalley
Very excited to partner with LSVP and
@wakohler
and
@anoushkavaswani
!
0
0
1
@anantshri
@DaghanAltas
@bnchandrapal
@semgrep
@CodeVigilant
Awesome! Glad you’re using Semgrep and looking forward to seeing your php expertise. Please feel free to DM if chatting on zoom for any feedback or feature requests is helpful🙂
0
0
2
@ryanelkins
@semgrep
Very cool! Also if you want to go really big you can run semgrep --config r/all and run everything 😎
1
0
2
@_jtmelton
@clintgibler
@dlukeomalley
@0xine
Thank you for your kind words -- they mean a lot! An OSS project is nothing without its community members and I know we will learn a lot from your feedback 🙏
0
0
2
@securitygen
@alexjplaskett
Appreciate the feedback and yep can add a flag but we’re moving to a safe metavariable comparison without having to resort to the eval escape hatch.
0
0
2
Lots of good stuff in this spring update!
Drumroll, please! 🥁 Our May quarterly launch is here, and we can’t contain our excitement!
Brace yourselves for a steller lineup of new features, including Semgrep managed scanning (formerly Zero Config Scanning), RBAC, faster monorepo support, and new Semgrep Secrets
0
1
3
0
0
2
0
0
2
@empijei
@connerjensen780
@dividinglimits
@goinggodotnet
TIL thanks. I took a first stab at the template bad types using Semgrep here:
0
0
2
0
0
2
@_MichaelMusil
@_paulshen
@_paulshen
see to get you started
$ semgrep --autofix --config drewdennison:autofix-function-to-const
1
0
2
@jwhelan
@rsoesemann
@nawforce
@semgrep
@kylekyle
@CopadoSolutions
If you're on the community slack () there is a
#lang
-apex channel. See you there!
0
0
2
This game is a cross between mario cart and tron 🏎️
🏎️ It’s time to put your coding skills to the test in Semgrep Speedway! Just as the Semgrep Platform champions ‘shift left’ security, this game will challenge you to navigate security hurdles with agility and precision. Are you up for the challenge?
0
0
1
0
0
3
Does anyone have a technical contact
@ForcepointSec
? I have a quick
@awscloud
marketplace request
0
1
2
@247arjun
@semgrep
@AzureDevOps
@semgrep
OSS is distributed on both PyPI and Docker so it should be quite easy to run with Azure. Would love a contribution to probably follow the Jenkins or CircleCI example
0
0
2
Really enjoyed reading this one
📚 tl;dr sec 45
*
@databricks
protecting public s3 buckets
*
@TheDavisJam
ReDoS cheatsheet
*
@dcuthbert
“...something truly special happening in the static analysis world”
*
@cloudsa
PrivEsc in Salesforce
*
@DanielMiessler
attribution via reverse TM
1
1
5
1
0
2
@rsoesemann
@nawforce
@semgrep
@kylekyle
@CopadoSolutions
@pmd_analyzer
Great! Join the community slack?
0
0
2
Verifying myself: I am drew on Keybase.io. zw6BETh2tkp2_e3J0wYd4pIvzpDVB5um69Rl /
0
0
0
@timb_machine
@wireghoul
@dcuthbert
@r2cdev
@project_harbor
@yoann_padioleau
was one of main contributors to Coccinelle. He's the visionary behind semgrep which aims to be a multi-language Coccinelle++
1
0
2
@dgryski
@njcw
@nicholascwng
Thanks.
@njcw
do you have any example code? (feel free to DM me if easier to show over Zoom). I opened this ticket if you want to follow along
1
0
1
@PredragGruevski
@r2cdev
Thanks for suggesting these lint rules. Even after coding in python for 10 years I was surprised by the behavior. 🙌 to more community codifying framework sharp edges into tooling
1
0
1
@anantshri
@semgrep
This is an interesting use case and agreed there are often subtle (or not!) security problems in SO answers. If you're interested in writing one, I would be happy to chat and help with any API needs
1
0
1
Thanks
@JuliaLawall
for sharing your wisdom from 15 years of patches to the Linux kernel
Yesterday we hosted
@JuliaLawall
from
@Inria
for a virtual r2c meetup where she presented, “Coccinelle, Prequel, and Spinfer: Code Evolutions in the Linux Kernel.” Julia kindly agreed to let us record the presentation and we’re sharing it with you here:
1
2
8
0
0
1
0
0
1
0
0
1
@abhaybhargav
@abhaybhargav
I attended your Dr. DevSecOps talk at Appsec Cali and was impressed with your AWS lambda architecture to build a fast code scanning pipeline. Glad you found semgrep and I liked your demo flow.
1
0
1
0
0
1