CyberScoop reports that a recent licensing policy change by Semgrep, the widely used static application security testing (SAST) tool, which restricted use of its community-contributed rules, has prompted Endor Labs and nine other application security vendors to unveil Opengrep.
Opengrep, a fork of Semgrep, will remain open source and give users full access to the engine's scanning capabilities, according to the consortium. The group says it has set up dedicated Opengrep development, testing, and deployment teams and plans to secure the project's long-term stability by transferring it to a foundation or nonprofit entity in the near future. "...[W]e all benefit from a standardized, open source SAST engine, and we all contribute community rules and improvements for it. But that is exactly the point. The promise of Opengrep means that developers and application security teams will get a better baseline product, no matter who their AppSec vendor of choice is," said Endor Labs CEO Varun Badhwar.