Mar 4 · 5 min read · Most linters catch style problems. Semgrep catches real bugs: SQL injection, hardcoded secrets, insecure deserialization, SSRF vulnerabilities, and misuse of cryptographic APIs. It works on source code using pattern matching that understands syntax —...
Join discussionMar 3 · 8 min read · Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code Linters enforce style. Static analysis finds bugs. The difference matters. ESLint will tell you about unused variables and inconsistent formatting. CodeQL will tell you that us...
Join discussionDec 16, 2025 · 3 min read · 📝 Quick Summary: GuardDog is a command-line interface tool designed to detect malicious packages across various ecosystems including PyPI, npm, Go, GitHub Actions, and VSCode extensions. It employs both source code analysis using Semgrep rules and p...
Join discussionSep 4, 2025 · 5 min read · Static code analysis has come a long way from the days of simple string searches. With the rising complexity of applications and threats, our tooling has evolved to meet the demand for both precision and context-awareness. This blog takes you through...
Join discussion
Jun 21, 2025 · 18 min read · Introduction This is the first article in a 30-day series on Static Application Security Testing (SAST). We’ll introduce what SAST is and why it matters for building secure software. SAST refers to analyzing source code to find security vulnerabiliti...
Join discussion
May 19, 2025 · 4 min read · DevOps is growing and changing every day, which also means new security risks can appear. Even if your cloud platform is well-protected, your CI/CD pipeline can still be a target. If the pipeline isn’t secure, attackers could find a way in or simple ...
Join discussion
Sep 24, 2024 · 6 min read · In the modern software development landscape, security has become a vital aspect of the development lifecycle. DevSecOps is the practice of integrating security into every phase of DevOps, ensuring that security is part of the continuous integration ...
Join discussionJun 29, 2024 · 4 min read · In my previous post about implementing a service layer in Django, I wrote about a simple pattern that "plays nice" with the mountain of functionality that comes with Django out-of-the-box, particularly the ORM. In this implementation, business logic ...
Join discussion
Jun 2, 2024 · 3 min read · An Introduction to Semgrep: Lightweight Static Analysis for Modern Codebases Introduction In the world of software development, maintaining code quality and security is a continuous challenge. Traditional static analysis tools can be cumbersome, slow...
Join discussion
Apr 13, 2023 · 11 min read · DevSecOps stands for Development, Security, and Operations. DevSecOps involves introducing security practices and integrating tools earlier in the software development life cycle (SDLC), rather than treating security as a separate, post-development a...
Join discussion