You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
New language R with experimental support (#2360)
Thanks to Zythosec for some contributions.
Autodetection of CI env now supports Azure Pipelines, Bitbucket, Buildkite, Circle CI, Jenkins,
and Travis CI in addition to GitHub and GitLab
You can now disable version checks with an environment variable by setting SEMGREP_ENABLE_VERSION_CHECK=0
Dataflow: spread operators in record expressions (e.g. {...foo}) are now translated into the Dataflow IL
An experimental LSP daemon mode for semgrep. Try it with semgrep lsp --config auto!
Changed
Rules are now downloaded from the Semgrep Registry in JSON format instead of YAML.
This speeds up rule parsing in the Semgrep CLI,
making a semgrep --config auto run on the semgrep Python package in 14s instead of 16s.
Fixed
Fixed a bug where --disable-version-check would still send a request
when a scan resulted in zero findings.
Fixed a regression in 0.97 where the Docker image's working directory changed from /src without notice.
This also could cause permission issues when running the image.
Go: single pattern field can now match toplevel fields in a composite
literal (#5452)
PHP: metavariable-pattern: works again when used with language: php (#5443)
PHP: booleans are propagated by constant propagation (#5509)