this post was submitted on 22 Jun 2023

cybersecurity


Now here are two tools I wish I were more experienced with: Semgrep and Jupyter. Beyond this cool article from NCC, I'm interested to hear from anyone who uses either of these tools. How did you get started, what do you do with them, etc.?

[email protected] 0 points 2 years ago (last edited 2 years ago)

I used Semgrep in the past; my team is still evaluating which SAST tool to use as an internal standard, but we are mostly oriented toward CodeQL.

[email protected] 0 points 2 years ago

What do you like about CodeQL? Haven't used that yet either.

[email protected] 1 point 2 years ago

Report quality (fewer false positives) compared to Semgrep, Snyk and SonarCloud, but the killer feature for me is that you get the call paths, so you can see when and how a vulnerable dependency is called. Pretty useful on big codebases.
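The "call path" the comment above is describing is reachability analysis: rather than just flagging that a vulnerable dependency is imported, the tool shows the chain of calls from an entry point down to the dangerous call. The following is an added example, written for this thread and not code from CodeQL, Semgrep or anyone in the discussion. It builds a call graph over a small constructed Python module with the standard-library `ast` module and reports, for each function, the shortest chain of calls that reaches a hypothetical vulnerable sink `yaml_lib.unsafe_load` (the module, the dependency name and the sink are all assumptions made up for the illustration). A real SAST engine does this interprocedurally across files and with data-flow, but the output shape is the same.

```python
"""Minimal call-path (reachability) analysis over one Python module.

Constructed example: the sample module below reaches a hypothetical
vulnerable dependency function `yaml_lib.unsafe_load` through two layers of
helpers. The analysis reports the chain of calls from each function to that
sink, which is the kind of path a CodeQL path-problem result shows.
"""
import ast
from collections import deque

# Constructed sample module; `yaml_lib` and `unsafe_load` are made up.
SAMPLE = '''
import yaml_lib          # hypothetical dependency with a known-bad unsafe_load

def parse_config(text):
    return yaml_lib.unsafe_load(text)     # the sink

def load_settings(path):
    with open(path) as fh:
        return parse_config(fh.read())

def handle_request(req):
    return load_settings(req.args["cfg"])

def health_check():
    return "ok"                           # never reaches the sink
'''

SINK = "yaml_lib.unsafe_load"


def _qualname(node):
    """Dotted name of a call target, e.g. 'yaml_lib.unsafe_load' or 'parse_config'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def build_call_graph(source):
    """Map each top-level function name to the set of callee names it invokes."""
    tree = ast.parse(source)
    graph = {}
    for fn in tree.body:
        if isinstance(fn, ast.FunctionDef):
            callees = set()
            for sub in ast.walk(fn):
                if isinstance(sub, ast.Call):
                    name = _qualname(sub.func)
                    if name:
                        callees.add(name)
            graph[fn.name] = callees
    return graph


def call_paths_to_sink(graph, sink):
    """For every function, the shortest chain of calls that reaches `sink`
    (breadth-first search over the call graph). Functions that cannot reach
    the sink are left out, which is what lets a tool say "imported but not
    reachable" instead of raising a finding."""
    paths = {}
    for start in graph:
        queue = deque([[start]])
        seen = {start}
        while queue:
            path = queue.popleft()
            for callee in sorted(graph.get(path[-1], ())):
                if callee == sink:
                    paths[start] = path + [sink]
                    queue.clear()        # shortest path found; stop this search
                    break
                if callee in graph and callee not in seen:
                    seen.add(callee)
                    queue.append(path + [callee])
    return paths


if __name__ == "__main__":
    for fn, path in call_paths_to_sink(build_call_graph(SAMPLE), SINK).items():
        print(f"{fn}: " + " -> ".join(path))
```

Running it prints one line per reachable function, for example `handle_request: handle_request -> load_settings -> parse_config -> yaml_lib.unsafe_load`, while `health_check` produces no finding at all. That distinction, a path versus a bare "this package is vulnerable", is what makes triage on a large codebase tractable.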