Semgrep, a code security solution designed for engineering-centric security programs, announced general availability and support for C and C++ programming languages in Semgrep Code, a fast, customizable, and developer-oriented static application security testing (SAST) solution. With this added coverage, Semgrep Code will set a new standard for rapidly securing C and C++ codebases without compromising on accuracy or efficiency.
Security teams working with C and C++ are currently stuck with older generations of SAST tools that make it difficult for them to collaborate with software developers, involve them in the security process, and effectively shift left (i.e. incorporate security at the very beginning of the software development lifecycle). As a result, these teams struggle to find and fix security issues before they reach production codebases, and they are inundated with manual triage work and a constant backlog of security issues.
Semgrep Code is Semgrep’s proprietary SAST solution that scans code for security vulnerabilities. Building on Semgrep Open Source, Semgrep Code adds the proprietary analysis capabilities and rules needed for accurate C and C++ scanning – because of this, C and C++ coverage is not available in Semgrep Open Source. Semgrep Code is built for transparency: users can configure the rules it runs and inspect their syntax to understand how any finding was detected. Semgrep rules look like source code and are easy to understand.
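To make the "rules look like source code" point concrete, here is an added illustration of what a C/C++ rule in Semgrep's YAML rule format looks like. It is not a rule from the announcement or from Semgrep's own registry: the rule id, message and the constructed C snippet in the comments are assumptions, and it assumes Semgrep Code's C and C++ support accepts the same `rules:` schema (patterns with `$METAVARIABLE` placeholders and `...`) that the open-source engine uses for other languages.

```yaml
# Added example (not Semgrep's own rule): flag unbounded C string copies.
# The pattern reads like the C code it matches; $FUNC and $DST are
# metavariables that bind to whatever appears in that position, and "..."
# matches any remaining arguments.
#
# Constructed C input this rule would match on the strcpy line only:
#   void greet(const char *name) {
#       char buf[16];
#       strcpy(buf, name);                       /* reported: no length bound */
#       snprintf(buf, sizeof(buf), "%s", name);  /* not reported */
#   }
rules:
  - id: c-unbounded-string-copy          # assumed id, not a registry rule
    languages: [c, cpp]
    severity: WARNING
    message: >-
      $FUNC() writes into $DST without a length bound, so a source longer
      than the destination buffer overflows it (CWE-120). Validate the
      source length and use a bounded call such as snprintf(...,
      sizeof($DST), ...) instead.
    patterns:
      # Match any call whose first argument is the destination buffer ...
      - pattern: $FUNC($DST, ...)
      # ... but only when the callee is one of the classic unbounded copiers.
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(strcpy|strcat|gets|sprintf)$
    metadata:
      category: security
      cwe: "CWE-120: Buffer Copy without Checking Size of Input"
```

Because the rule is just the shape of the code it looks for, a developer reading a finding can open the rule, see the exact pattern that fired, and judge the result without a build or a separate query language.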
Semgrep Code’s C and C++ support is meant for security teams who need to help their developers ship secure code, but face challenges enforcing and scaling their desired security posture due to the volume of code they are responsible for, slow processes, and resource constraints. Prior to Semgrep, the vast majority of SAST tools capable of parsing and interpreting C and C++ code required a build step, which could often take hours.
This development is particularly significant for industries reliant on C and C++ for critical applications, such as automotive, medical devices, large-scale web services, gaming, and embedded systems. Semgrep’s fast and scalable solution equips these companies with the means to fortify their code against vulnerabilities while meeting strict performance requirements.
“Our support for C and C++ in Semgrep Code marks a pivotal moment in the evolution of code security. For this release, organizations that have specific performance requirements, run on embedded systems, or must support legacy infrastructure were top of mind as we want to empower them to deliver secure code faster and more efficiently than ever before,” said Luke O’Malley, Chief Product Officer at Semgrep.
SOURCE: PRNewsWire