Glossary · Term

Semgrep

← all terms

Definition

Plain language

A static analysis tool for finding bug patterns in source code with simple rules.

As stated in the literature

A lightweight pattern-based static analysis engine that lets developers express vulnerability and bug patterns using code-like rule syntax.

Why it matters: It's how many security teams scale code review to large repos, and an AI agent that operates through Semgrep rules can therefore reach where humans can't.

For example, a Semgrep rule can flag every call to a deprecated crypto function across a million-line codebase in seconds.

Heard on the show

“The authors do an analysis of four other code-graph platforms — Sourcegraph, Semgrep, CodeQL, Qodana — and argue that the same preconditions exist there.”
Episode 039 — When Smarter Agents Get Fooled by Three Extra Nodes in a Database

Mentioned in 1 episode

  1. 039
    When Smarter Agents Get Fooled by Three Extra Nodes in a Database

Related terms