Application security

New open-source SAST tool unveiled after Semgrep clampdown

CyberScoop reports that Endor Labs and nine other application security vendors have unveiled the Opengrep tool after a recent licensing policy change limited the use of community-contributed rules in Semgrep, a widely used static application security testing (SAST) tool.

Opengrep, which is forked from Semgrep, will keep the older tool's open source nature and give users complete access to its scanning capabilities, according to the consortium. The group emphasized the establishment of dedicated Opengrep development, testing, and deployment teams, and said it would ensure the tool's long-term stability with an imminent transfer to a foundation or nonprofit entity.

"...[W]e all benefit from a standardized, open source SAST engine, and we all contribute community rules and improvements for it. But that is exactly the point. The promise of Opengrep means that developers and application security teams will get a better baseline product, no matter who their AppSec vendor of choice is," said Endor Labs CEO Varun Badhwar.
