Application Security

Semgrep announces support for C and C++

Company addresses demand for a fast and effective security solutions for C and C++ developers

Semgrep, a code security solution designed for engineering-centric security programs, today announced general availability and support for C and C++ programming languages in Semgrep Code, a fast, customizable, and developer-oriented static application security testing (SAST) solution. With this added coverage, Semgrep Code will set a new standard for rapidly securing C and C++ codebases without compromising on accuracy or efficiency.

Security teams working with C and C++ are currently stuck with older generations of SAST tools that make it difficult for them to collaborate with software developers, involve them in the security process, and effectively shift left (i.e. incorporate security at the very beginning of the software development lifecycle). As a result, it’s difficult for these teams to find and fix security issues before they enter production codebases and are inundated with manual triage work and a constant backlog of security issues.

Semgrep Code is Semgrep’s proprietary SAST solution that scans code for security vulnerabilities. Extending upon Semgrep Open Source, Semgrep Code supports the proprietary analysis capabilities and rules needed to enable accurate C and C++ scanning – because of this, C and C++ coverage is not available in Semgrep Open Source. Semgrep Code is built for transparency; Users can configure the rules it runs and inspect its syntax to understand how any finding was detected. Semgrep rules look like source code and are easy to understand.

Semgrep Code’s C and C++ support is meant for security teams who need to help their developers ship secure code, but face challenges enforcing and scaling their desired security posture due to the volume of code they are responsible for, slow processes, and resource constraints. Prior to Semgrep, the vast majority of SAST tools capable of parsing and interpreting C and C++ code required a build step, which could often take hours.

This development is particularly significant for industries reliant on C and C++ for critical applications, such as automotive, medical devices, large-scale web services, gaming, and embedded systems. Semgrep’s fast and scalable solution equips these companies with the means to fortify their code against vulnerabilities while meeting strict performance requirements.

“Our support for C and C++ in Semgrep Code marks a pivotal moment in the evolution of code security. For this release, organizations that have specific performance requirements, run on embedded systems, or must support legacy infrastructure were top of mind as we want to empower them to deliver secure code faster and more efficiently than ever before,” said Luke O’Malley, Chief Product Officer at Semgrep.

Customer Support
“Scanning C and C++ projects at Semgrep speed has been awesome. The results look fantastic despite not requiring a build step, and we’re looking forward to getting the findings in front of our developers,” said Marcelino Solano, Security Software Engineer at Splunk.

“Semgrep helped us find, triage, and prioritize real C/C++ vulnerabilities in under an hour. Bringing these true positives to developers in an actionable way was simple as usual,” said Terryn Fredrickson, Senior Software Engineer at Yahoo.

Support for C and C++ is available within Semgrep Code immediately. To learn more about Semgrep C and C++ capabilities, read this blog post.

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

LastPass names Don MacLennan Chief Product Officer

Business Wire

Contrast Security to Showcase CodeSec at BlackHat 2022

PR Newswire

Data Theorem selected to present at Apidays New York this week

Business Wire