.@semgrep is excited to benchmark, enable for all coding models, and contribute a great roadmap of improvements to our fork of @AnthropicAI's reference architecture for defending code. Code security is too important and we must all unite under open source. Builders wanted.
Just finished an experiment using @claude Opus 4.7 xhigh on a popular open source C/C++ repo from a top tech company:
- @cramforce's excellent deepsec: does not support C/C++
- A random gist with a code security prompt: 1 critical, 3 high vulnerabilities for $18.09
- Semgrep's new Mandoline tool in "hunt" mode: 3 critical unauthenticated RCE, 15 high, 20 medium, 11 low, a persistent threat model, and a full security report: $7.13
Responsibly reported to the repo owner. Will share details on the vulnerabilities when public
There has been some confusion and misinformation circulating about the recent changes to Semgrep Community Edition. I want to clarify what is, and isn’t, changing. The Semgrep engine license remains LGPL 2.1.
Link in 🧵
Happy December, everyone! 🎄🎅
We’re kicking off the month with an exciting lineup of webinars! Check out what’s coming up:
🗓️ December 3, 9AM PT: Adaptive Noise Canceling Meets Code Scanning.
👉 RSVP: https://t.co/OzAJW7fkjD
🗓️ December 5, 9AM PT: How to Swim in The Ocean of SCA.
👉 RSVP: https://t.co/aPDlLxjbvc
🗓️ December 6, 9AM PT: Founder Friday: re:Invent Reflections and AI Predictions.
👉 RSVP: https://t.co/aaTPXGOsj9
🗓️ December 13, 9AM PT: FireSide Chat: Burning Down Organizational Risk.
👉 RSVP: https://t.co/PtoKjvX8Qf
🎉 Don’t miss out—let’s make December unforgettable!
#appsec #sast #supplychain #cybersecurity #ai #devops
🎉 Big news: @semgrep made the 2025 #Cyber60 List by @FortuneMagazine & @lightspeedvp ! This honor highlights our mission to profoundly improve software security and reliability—and it’s all thanks to our incredible team pushing the boundaries every day.
🚀Huge shoutout to everyone at Semgrep! Check out the full list: https://t.co/IOBgBhzHaR
#appsec #semgrep #security
🚀 Big news for Python devs! Semgrep Code’s latest update brings supercharged Python support with new framework-specific analysis. Now track implicit data flows in Django, FastAPI, Flask, and more!
Check out how we're making Python code safer: https://t.co/kPXPAnwzb1
🚨 CONTEST ALERT! 🚨
Want to win 1 of 3 decks of 'Cards Against AppSec' by Tanya Janca? Simply RT this post and make sure you're following us to enter! ⏳ You have 48 hours—good luck!
#AppSec #Giveaway #CardsAgainstAppSec
Catch Vasilii Ermilov @ermil0v as he dives into "Most Common Vulnerabilities in GitHub Actions: Takeaways from Mass Scanning GitHub Repositories for Bounties."
📅 Sept 20, 2024
📍 Lifelong Learning Institute, SG
Security researchers and developers, @semgrep now supports Move on @Aptos with an initial set of security rules.
Learn how to get started, report bugs, and help secure the Aptos ecosystem ⤵️
https://t.co/SxkvSPMHvD
We’re excited to share our updated Jira integration! Developers now get AI-generated remediation steps in tickets, making fixing issues easy.
Semgrep can now auto-create tickets from high-priority issues, reducing overhead for tracking and triage.
More: https://t.co/rJUpm8Ku1k
What started as an April Fools’ joke turned into a great demo of Semgrep’s extensibility and scalability when it comes to adding support for new languages.
Check out more about our GA support for CodeQL’s query language in @onefiftyman’s blog post:
https://t.co/jARqn6Qg8N
One of my "secret" techniques for code analysis in bug bounty (mostly parsing code leaked on GitHub) is manual semantic analysis, not just regex.
I'm SUPER hyped @semgrep has added this to their flow.
Check out the full blog on using it in the 2nd tweet below.
📢 The Secret’s out! We’re thrilled to share that Semgrep Secrets is available for Public Beta today! Secrets leverages Semantic Analysis in addition to regex and entropy-based validation to detect secrets with high precision.
Learn more → https://t.co/1yZ4jsw3cP
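To make the "regex and entropy-based validation" in the post above concrete, here is a small added example of a two-stage check (written for this page, not Semgrep Secrets' own implementation; the patterns, the 3.0-bit threshold and the sample source are constructed for the example, and the semantic-analysis stage the post mentions is not shown). A regex alone flags every string shaped like a key, including placeholders; the Shannon-entropy stage drops the low-entropy ones.

```python
import math
import re
from collections import Counter

# Constructed sample input for this example, not code from any real repository.
# The first value is the example access key ID from AWS's own documentation;
# the remaining values are made up for the example.
SAMPLE_SOURCE = '''\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_ACCESS_KEY_ID = "AKIAXXXXXXXXXXXXXXXX"
api_token = "changemechangemechangeme"
api_token = "q7Zp2xL9vR4tB8nW1yK6mC3sD5fH0jG2"
'''

# Hypothetical candidate patterns chosen for this example; not Semgrep's rules.
# Each pattern captures the candidate secret in group 1.
CANDIDATE_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic-secret-assignment": re.compile(
        r"(?i)\b\w*(?:secret|token|password|api_key)\s*=\s*['\"]([^'\"]{16,})['\"]"
    ),
}


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character, estimated from character frequencies.

    A 20-character string of one repeated letter scores 0; a random
    alphanumeric string of the same length scores above 4.
    """
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_candidates(text: str) -> list[tuple[int, str, str]]:
    """Stage 1 (regex): every (line_no, rule_id, value) shaped like a secret."""
    candidates = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern in CANDIDATE_PATTERNS.items():
            for match in pattern.finditer(line):
                candidates.append((line_no, rule_id, match.group(1)))
    return candidates


def detect_secrets(text: str, min_entropy: float = 3.0) -> list[dict]:
    """Stage 2 (entropy): keep only candidates whose entropy clears the threshold.

    The threshold is an assumption for this example; tune it per secret type.
    """
    findings = []
    for line_no, rule_id, value in find_candidates(text):
        entropy = shannon_entropy(value)
        if entropy >= min_entropy:
            findings.append(
                {"line": line_no, "rule": rule_id, "value": value, "entropy": round(entropy, 2)}
            )
    return findings


if __name__ == "__main__":
    print("regex candidates:", len(find_candidates(SAMPLE_SOURCE)))
    for finding in detect_secrets(SAMPLE_SOURCE):
        print(finding)
```

Run on the sample, the regex stage reports four candidates and the entropy stage keeps two: the documented AWS example key and the random-looking token. The "AKIAXXXXXXXXXXXXXXXX" placeholder passes the regex but scores about 1 bit per character, and "changemechangemechangeme" scores under 3, so both are dropped. Entropy is still only a heuristic: a real key in a test fixture would pass it, which is the gap a semantic stage (what the value is assigned to, where it flows) is meant to close.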
@BSidesMunich 👜 Bring your own code and I will help you write Semgrep rules, live at the workshop!
✍ Sign up for my workshop on October 14 if you are interested.
https://t.co/4aaN6w79oH
.@semgrep is on a mission to improve software security and reliability.
In partnership with @Redpoint, Semgrep CTO & Co-Founder Drew Dennison shares how Semgrep uses its code scanning platform for finding first- and third-party security vulnerabilities in code bases.