Product Hunt logo dark
  • Launches
    Coming soon
    Upcoming launches to watch
    Launch archive
    Most-loved launches by the community
    Launch Guide
    Checklists and pro tips for launching
  • Products
  • News
    Newsletter
    The best of Product Hunt, every day
    Stories
    Tech news, interviews, and tips from makers
    Changelog
    New Product Hunt features and releases
  • Forums
    Forums
    Ask questions, find support, and connect
    Streaks
    The most active community members
    Events
    Meet others online and in-person
  • Advertise
Subscribe
Sign in
Subscribe
Sign in
Semgrep

Semgrep

Find bugs and enforce code standards

5.0•1 review•

9 followers

Find bugs and enforce code standards

5.0•1 review•

9 followers

Visit website
A fast, open-source, code analysis tool that excels at expressing code standards — without complicated queries. Rules look just like code; no more wrestling with regexes. Includes 900+ rules and SaaS infra for use in your editor, at commit-time, or in CI.
  • Overview
  • Launches2
  • Reviews1
  • Team
  • More
Company Info
semgrep.dev
Semgrep Info
Launched in 2020View 2 launches
Forum
p/semgrep
  • Blog
  • •
  • Newsletter
  • •
  • Questions
  • •
  • Forums
  • •
  • Product Categories
  • •
  • Apps
  • •
  • About
  • •
  • FAQ
  • •
  • Terms
  • •
  • Privacy and Cookies
  • •
  • X.com
  • •
  • Facebook
  • •
  • Instagram
  • •
  • LinkedIn
  • •
  • YouTube
  • •
  • Advertise
© 2025 Product Hunt
SocialX
This is the 2nd launch from Semgrep. View more
Semgrep Assistant

Semgrep Assistant

Your AI Appsec Engineer
Semgrep combines static analysis and LLMs to ensure that both security teams and developers only deal with real security issues.
Semgrep Assistant gallery image
Semgrep Assistant gallery image
Semgrep Assistant gallery image
Free Options
Launch tags:
SaaS•GitHub•Development
Launch Team / Built With
Bence Nagy (underyx)Drew Dennison
Linear

What do you think? …

Bence Nagy (underyx)
Bence Nagy (underyx)
Maker
📌
Heya all, excited to show off what I've been privately calling an AI cybersecurity tool built by AI skeptics. Two years ago we started a series of experiments with this philosophy of identifying small pieces of cognitive work where a human can very clearly map out the input data they need and the algorithm they'd follow to make a decision. This idea came partly out of frustration with the zeitgeist involving throwing broad AI features (e.g. useless chat bots) into products that end up unreliable and are targeting no clear problem a user might actually have. It feels kind of like a machete vs. scalpel approach. For one, Semgrep (without AI) emits a stream of possible vulnerabilities found via static analysis, and Assistant reviews this stream of vulns to filter out obvious false positives. This happens before developers are notified, so that we can prevent posting PR comments that would annoy devs, and instead just hold those notifications for review by an AppSec team. This seems to help increase trust in the security tool overall, as devs are less likely to approach alerts with skepticism. Second, things deemed true positives also come with specific AI-generated instructions on how to solve them. This is one of the parts where the 'surgical' approach helped immensely; we noticed that as humans we usually first try to find a past instance of someone successfully fixing a similar problem in git history, and we look at the project dependencies to see what libraries are readily available. So both these are included in the context we pass in the prompt, which leads to some very impressive code generation that uses even internal libraries correctly when it's required to sanitize data, for example. The most recent addition to this whole system is our memories system though. When users triage findings and leave comments such as "Anything under the /dashboard/ prefix is internal access only", Semgrep Assistant parses this for information it might want to learn to apply to triage decisions or fix instructions, and checks if these new facts apply to existing findings you already had in the backlog. We had a customer whose backlog was cut by around 40% by adding just 4-5 memories that explain common reasons vulns do not apply in their environment. I know it's a saturated space but my team believes our approach is actually useful, so we're expecting comments written with some suspicion but optimistic we can convince some of you there's something real[0] here (: [0]: https://semgrep.dev/blog/2024/do...
Report
7mo ago
Intercom
Intercom — Startups get 90% off Intercom + 1 year of Fin AI Agent free
Startups get 90% off Intercom + 1 year of Fin AI Agent free
Promoted

Semgrep Launches

Semgrep Assistant
Semgrep Assistant Your AI Appsec Engineer

Launched on January 23rd, 2025

Do you use Semgrep?

5.0
Based on 1 review
Review Semgrep?
Reviews
Helpful
VibeSec
Gabriel Moseti
Gabriel Moseti
used Semgrep to buildVibeSecVibeSec
(217 points)
Made this project a lot more feesable.
Report
2mo ago