Semgrep, a code security solution designed for engineering-centric security programs, is launching its public beta of Semgrep Secrets, a product for detecting and securing sensitive credentials during the software development process.
Semgrep is designed for engineers—software and security alike—who need to maintain a fast cadence of software development and solve the root causes of security issues, according to the company.
Secrets refer to sensitive data, such as hardcoded passwords, API keys, encryption keys (SSH, PGP, etc.), certificates (SSL, TLS, etc.), and authentication tokens.
During the software development process, it's common to insert sensitive data and credentials, or secrets, that are unique to the developer or organization into code, configuration files, and containers.
This can quickly become a security issue if the data is unintentionally leaked or accessed by unauthorized users. Semgrep Secrets detects secrets and keeps them safe throughout the development process, according to the company.
Key benefits of Semgrep Secrets include:
- Detect secrets and how they are used using Semgrep's semantic analysis.
- Reduce false positives by prioritizing the fixing of valid credentials.
- Detect secrets that are specific to your internal services.
- Minimize developer alert fatigue from false positives.
- Get secrets-related findings directly in the developer workflow.
- Prevent secrets from being committed to your code repository.
Find and remediate security issues in your code, software supply chain, and secrets using one platform, according to the company.
"Semgrep Secrets is launching with features that immediately make it a best-in-class tool for secrets detection, and some that we believe are completely novel, like leveraging semantic analysis for hard-coded credentials. The impact is that only relevant issues are flagged to developers without them having to leave their workflow. We launched this product to beta in 107 days and I'm super excited for what the team behind it will ship next!" said Isaac Evans, CEO and co-founder at Semgrep.
Semgrep Secrets costs $30 per developer, per month. Bundled pricing is available when purchased with other Semgrep products.
For more information about this news, visit https://semgrep.dev.