Secure your Apollo GraphQL server with Semgrep
By Vasco Franco tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server. Try them out with semgrep --config...
View ArticleSecurity flaws in an SSO plugin for Caddy
By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity...
View ArticleDiscovering goroutine leaks with Semgrep
By Alex Useche, Security Engineer Originally published May 10, 2021 While learning how to write multithreaded code in Java or C++ can make computer science students reconsider their career choices,...
View ArticleClik here to view.
Secure your machine learning with Semgrep
By Suha Hussain tl;dr: Our publicly available Semgrep ruleset now has 11 rules dedicated to the misuse of machine learning libraries. Try it out now! Picture this: You’ve spent months curating images,...
View ArticleAnnouncing the Trail of Bits Testing Handbook
By Maciej Domanski Trail of Bits is thrilled to announce the Testing Handbook, the shortest path for developers and security professionals to derive maximum value from the static and dynamic analysis...
View ArticleClik here to view.
How to introduce Semgrep to your organization
By Maciej Domanski, Application Security Engineer Semgrep, a static analysis tool for finding bugs and specific code patterns in more than 30 languages, is set apart by its ease of use, many built-in...
View Article30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more
By Matt Schwager and Sam Alws We are publishing a set of 30 custom Semgrep rules for Ansible playbooks, Java/Kotlin code, shell scripts, and Docker Compose configuration files. These rules were created...
View Article
