Semgrep, a code security solution built for engineering-centric security programs, is debuting Semgrep Assistant, an AI-powered tool designed to help AppSec engineers and developers make decisions faster and with greater accuracy.
Semgrep Assistant is a static code analysis tool that surfaces insights regarding security issues and bugs across all phases of an AppSec program, from rule creation to remediation, according to Semgrep.
Born from a need to radically streamline the process of reviewing security findings, identifying false positives, and prioritizing true positives, Semgrep Assistant leverages AI to accelerate the workflows occurring before and after the security scan itself, according to the company.
“Semgrep Assistant helped surface valuable context and recommendations to developers, aiding in the quick identification of false positives and remediation of legitimate findings. There were times where Assistant just felt magical,” said Allan Reyes, staff security engineer at Vanta.
Semgrep Assistant offers:
- Auto-fix generation paired with relevant context for verification
- Triage assistance with GPT-4’s code comprehension
- False positive identification
- Custom rule-writing to fit a specific codebase
- Rule management
“Semgrep Assistant’s unique approach using AI to optimize existing workflows has led to extremely impressive feedback and results during the beta period,” said Jack Moxon, senior product manager at Semgrep. “We’re confident that Assistant is a huge value add to AppSec teams of all sizes, and we feel great about Assistant’s General Availability release.”
To learn more about Semgrep Assistant, please visit https://semgrep.dev/.