Announcing the Trail of Bits and Semgrep partnership
2024-9-19 21:0:30 Author: securityboulevard.com

At Trail of Bits, we aim to share and develop tools and resources used in our security assessments with the broader security community. Many clients, we observed, don’t use Semgrep to its fullest potential or even at all. To bridge this gap and encourage broader adoption, our CEO, Dan Guido, initiated discussions with the Semgrep team. Through these discussions, we identified areas where our expertise could enhance Semgrep’s capabilities and vice versa. We are excited to announce a new partnership with Semgrep, born from these conversations. This collaboration allows us to deliver Semgrep’s advanced features to our clients faster.

At Semgrep, we are thrilled to partner with Trail of Bits, whose rigorous approach to security engineering and research directly complements our focus on embedding secure coding practices within the development pipeline. Their expertise in identifying and mitigating vulnerabilities aligns with our efforts to provide precise and actionable guardrails, enabling teams to produce secure software by design. -Daghan Altas, CRO, Semgrep

But why Semgrep?

Much like mechanics have a toolbox for their work, so do engineers. We use a suite of tools on every engagement that aid our manual testing. But Semgrep is one of the first tools our application security team implements when auditing a codebase. It helps us find low-complexity bugs and specific code patterns without building the target code. Its more advanced capabilities allow us to strategically ignore parts of code and to write custom rules. We also train our clients on using Semgrep and other testing tools/methodologies during our assessments.

We encourage not just our clients to use Semgrep in their testing strategies—we believe it’s an incredibly valuable tool for any dev team.

Semgrep resources

Since our team uses Semgrep frequently during client engagements and in our research, we’ve learned a lot about its capabilities. We share our insights through blog posts, covering topics like custom rules we’ve developed, securing ML projects, and discovering bugs. We also have a comprehensive Testing Handbook with an entire chapter dedicated to Semgrep. Below is just a handful of our Semgrep resources and research:

General resources about Semgrep

Claroty

Detailed Semgrep use cases

If you’re interested in learning more about using Semgrep and other custom tooling to enhance your application’s security throughout its SDLC, we’re here to help. Contact us to discuss how we can provide tailored training for your team.

*** This is a Security Bloggers Network syndicated blog from Trail of Bits Blog authored by Trail of Bits. Read the original post at: https://blog.trailofbits.com/2024/09/19/announcing-the-trail-of-bits-and-semgrep-partnership/


Article source: https://securityboulevard.com/2024/09/announcing-the-trail-of-bits-and-semgrep-partnership/