Semgrep, a code security solution designed for engineering-centric security programs, announced general availability and support for C and C++ programming languages in Semgrep Code, aiming to set a new standard for rapidly securing C and C++ codebases without compromising on accuracy or efficiency. Semgrep Code is a fast, customizable, and developer-oriented static application security testing (SAST) solution.
Extending upon Semgrep Open Source, Semgrep Code supports the proprietary analysis capabilities and rules needed to enable accurate C and C++ scanning—because of this, C and C++ coverage is not available in Semgrep Open Source.
Semgrep Code is built for transparency; users can configure the rules it runs and inspect its syntax to understand how any finding was detected. Semgrep rules look like source code and are easy to understand.
Semgrep Code's C and C++ support is meant for security teams who need to help their developers ship secure code, but face challenges enforcing and scaling their desired security posture due to the volume of code they are responsible for, slow processes, and resource constraints.
Prior to Semgrep, the vast majority of SAST tools capable of parsing and interpreting C and C++ code required a build step, which could often take hours, according to the company.
This development is particularly significant for industries reliant on C and C++ for critical applications, such as automotive, medical devices, large-scale web services, gaming, and embedded systems. Semgrep's fast and scalable solution equips these companies with the means to fortify their code against vulnerabilities while meeting strict performance requirements, according to Semgrep.
"Our support for C and C++ in Semgrep Code marks a pivotal moment in the evolution of code security. For this release, organizations that have specific performance requirements, run on embedded systems, or must support legacy infrastructure were top of mind as we want to empower them to deliver secure code faster and more efficiently than ever before," said Luke O'Malley, chief product officer at Semgrep.
Support for C and C++ is available within Semgrep Code immediately.
For more information about this news, visit https://semgrep.dev.