Semgrep Supply Chain
p/semgrep-supply-chain
It's time to ignore 98% of dependency alerts
Bence Nagy (underyx)


Semgrep Supply Chain helps you fix the security issues caused by your dependencies, but without flooding you with alerts. It scans your dependencies *and* your code to determine when you are actually at risk from a third-party vulnerability.
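The idea behind "scanning your dependencies and your code" is reachability: an advisory for a package you install is only actionable if your application actually calls the affected API. The following is an added illustration of that triage step, not Semgrep's code and not how Semgrep Supply Chain is implemented. The package names, symbol names, lockfile, advisories and source files are all constructed for the example; `triage`, `called_symbols` and `_CallCollector` are hypothetical names.

```python
"""
Toy reachability triage (added example, not Semgrep's implementation).

A dependency advisory is reported as "reachable" only when the application's
own source code calls one of the symbols the advisory names. Everything
below (packages, versions, advisories, sources) is constructed sample data.
"""
import ast

# Constructed advisories: package, first fixed version, affected symbols.
ADVISORIES = [
    {"package": "examplelib", "affected_below": "2.1.0",
     "symbols": ["examplelib.parse_untrusted"]},
    {"package": "otherlib", "affected_below": "1.0.5",
     "symbols": ["otherlib.render"]},
]

# Constructed lockfile: package -> installed version.
LOCKFILE = {"examplelib": "2.0.3", "otherlib": "1.0.2", "safelib": "3.4.0"}

# Constructed application sources (path -> file contents).
SOURCES = {
    "app/main.py": (
        "import examplelib\n\n"
        "def handle(req):\n"
        "    return examplelib.parse_untrusted(req.body)\n"
    ),
    "app/util.py": (
        "from otherlib import helper\n\n"
        "def build():\n"
        "    return helper()\n"
    ),
}


def _version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def _affected(installed, affected_below):
    # Installed version is vulnerable if it is older than the first fixed one.
    return _version_tuple(installed) < _version_tuple(affected_below)


class _CallCollector(ast.NodeVisitor):
    """Records fully qualified names of called functions, resolving imports."""

    def __init__(self):
        self.aliases = {}   # local name -> dotted module/symbol it refers to
        self.calls = set()  # dotted names of everything that is called

    def visit_Import(self, node):
        for alias in node.names:
            if alias.asname:
                self.aliases[alias.asname] = alias.name
            else:
                top = alias.name.split(".")[0]  # `import a.b` binds `a`
                self.aliases[top] = top
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        module = node.module or ""
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{module}.{alias.name}"
        self.generic_visit(node)

    def _qualify(self, expr):
        # Turn `pkg.sub.fn` (an Attribute chain over a Name) into a dotted path.
        parts = []
        while isinstance(expr, ast.Attribute):
            parts.append(expr.attr)
            expr = expr.value
        if not isinstance(expr, ast.Name) or expr.id not in self.aliases:
            return None
        return ".".join([self.aliases[expr.id]] + parts[::-1])

    def visit_Call(self, node):
        qualified = self._qualify(node.func)
        if qualified:
            self.calls.add(qualified)
        self.generic_visit(node)


def called_symbols(sources):
    """Union of qualified call targets across all source files."""
    calls = set()
    for path, code in sources.items():
        collector = _CallCollector()
        collector.visit(ast.parse(code, filename=path))
        calls |= collector.calls
    return calls


def triage(lockfile, advisories, sources):
    """One finding per advisory that matches an installed vulnerable version;
    `reachable` is True only if the app calls an affected symbol."""
    reached = called_symbols(sources)
    findings = []
    for adv in advisories:
        installed = lockfile.get(adv["package"])
        if installed is None or not _affected(installed, adv["affected_below"]):
            continue
        hits = sorted(sym for sym in adv["symbols"] if sym in reached)
        findings.append({"package": adv["package"], "installed": installed,
                         "reachable": bool(hits), "called": hits})
    return findings


if __name__ == "__main__":
    for finding in triage(LOCKFILE, ADVISORIES, SOURCES):
        print(finding)
```

With the constructed data, both `examplelib` and `otherlib` are installed at vulnerable versions, but only the `examplelib` finding is reachable, because `app/util.py` imports `otherlib.helper` rather than the affected `otherlib.render`. A real analysis also has to follow calls made inside the dependency graph (transitive reachability), aliases created by assignment, and dynamic imports, none of which this toy handles; treat an "unreachable" verdict from such a sketch as lower priority, not as proof of safety.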
Replies
Bence Nagy (underyx)
Heya! Very excited to share. This is our company's second product, which was built based on the pain points we heard the most, over and over again, from our existing customers and prospects: that dependency alerts are useless because they're so full of false positives. We've trialled a possible solution based on reachability analysis, and after checking in with some trial customers feel like this is *the* solution :D AMA about Semgrep Supply Chain!