Training 101: Intro to Semgrep Supply Chain

November 28th, 2023

As more teams depend on open source code, the number of vulnerabilities and threats also increases. As with traditional SCA tools, identifying and triaging issues often leads to a 98% false positive rate and misleading signals. Utilizing open source is critical to increasing developer productivity, but how do teams balance speed and security?

Join us as we cover: 

  • What is Semgrep Supply Chain

  • How to quickly scan for vulnerabilities in open source dependencies using Semgrep Supply Chain

  • Finding the 2% of open source vulnerabilities in your code that are actually reachable

  • Getting results in the developer's workflow to efficiently triage issues

Andy Huang
Semgrep
Product Manager