ICFP 2021
Sun 22 - Sat 28 August 2021
Sat 28 Aug 2021 04:00 - 04:20 at OCaml - Session 6 Chair(s): Rudi Grinberg

Semgrep, which stands for “semantic grep,” is a fast, lightweight, polyglot, open-source static analysis tool for finding bugs and enforcing code standards. It is used internally by many companies, including Dropbox and Snowflake. Semgrep is also now the default Static Application Security Testing (SAST) tool in GitLab for Python, JavaScript, and TypeScript.

Unlike most static analysis tools, Semgrep makes it easy to define your own rules by providing a Domain Specific Language (DSL) for writing code patterns that look like regular code. You can easily learn and experiment with Semgrep by using a web-based editor called the Playground.