I am happy to announce that next Tuesday (the 24th of January), Yoann Padioleau will discuss “Semgrep, A polyglot customizable bug-finding tool”.
You’ll find the Zoom link below!
Semgrep is a fast, polyglot, open-source(GitHub - returntocorp/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.) static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Its rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs. It currently supports 26 programming languages (e.g., Java, Go, Python, C++, Ruby, etc.), and with 1,000+ existing rules and simple-to-create custom ones, it finds the bugs that matter. Semgrep can run anywhere: in CI, your editor, or the command-line. Plus, with dedicated infrastructure from r2c, the company behind Semgrep, it is easy to deploy, manage, and monitor Semgrep at scale. Semgrep can also run in the browser thanks to its interactive playground (Semgrep), making it easy for newcomers to learn and experiment with Semgrep. This talk will present Semgrep, its history, main features, and the ecosystem around it (playground, web app, GitHub integration).
This talk will also quickly present some of its implementation details, such as how it solves language engineering problems using tree-sitter,
a library developed by Github.
Yoann Padioleau is a staff software engineer at r2c (https://r2c.dev),a startup whose mission is to profoundly improve software security and
reliability. He is the main creator of Semgrep (https://semgrep.dev), a polyglot customizable bug-finding tool used now by thousand companies (e.g., Dropbox, Slack, Netflix, Snowflake, Figma) and by hundreds of thousands of developers around the world. Before R2C, he was working at Facebook where he started the program analysis group. He was also a founding member of the test engineering and application security (AppSec) teams there.
Before Facebook, he was a PhD and Postdoc in academia where he developed among other things Coccinelle (Coccinelle: A Program Matching and Transformation Tool for Systems Code), a code refactoring tool for the Linux kernel. Some of the ideas in Semgrep can actually be traced back to his work in Coccinelle. He enjoys coding almost exclusively in OCaml, and when he is not coding he enjoys the good food and family life in Italy, where he lives.
To avoid other security issues is now necessary to register for the meeting. The registration should be necessary just once and be valid for all the next meetings you will participate in. I understand it is a little extra effort, but it would avoid problems like the ones we encountered:
After registering, you will receive a confirmation email containing information about joining the meeting. It will also permit you to add it to your calendar.
It is hosted on Zoom at 5 PM GMT+1/CET (you can use this link to figure out which time is in your timezone: Dateful Time Zone Converter.