We ship every week. Follow along on the public roadmap: /opengrep/issues
What's shipped so far:
✅ windows compatibility (beta)
✅ fingerprints & metavariables restored (SARIF & JSON)
✅ desktop app for rule crafting
⏭️ elixir support
⏭️ cross-file analysis
⌛️inter-file...
❤️🔥 Opengrep v1.23.0 is here.
This release adds Crystal support and guarded taint signatures, a more precise algorithm for intrafile taint tracking.
Highlights:
• Experimental support for the Crystal language.
• A fix for a bug that caused taint to be dropped in some collection functions when using --taint-intrafile
Full changelog: https://t.co/TvpwpJ4S2T
We ship every week. Catch you next release 🫡
npm recently introduced staged publishing, and it directly targets the attack pattern behind most of the supply chain compromises we tracked this year.
Instead of npm publish pushing packages live instantly, npm stage publish puts them in a queue. A human with 2FA has to approve, preventing attackers from pushing malicious package versions with stolen tokens.
We open-sourced a SAST rule that catches "npm publish" in your GitHub Actions workflows and flags it for migration.
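As an added illustration of what such a check has to do (this is not the open-sourced rule itself, and the workflow below is constructed for the example): a small Python scanner that reads the run: steps of a GitHub Actions workflow, including block scalars, and reports direct npm publish invocations while leaving npm stage publish and --dry-run alone.

```python
import re

# Direct `npm publish` with any flags. "npm stage publish" does not match
# (the word "stage" sits in between) and neither does "pnpm publish".
NPM_PUBLISH = re.compile(r"(?<![\w-])npm\s+publish\b")
RUN_KEY = re.compile(r"^(-\s*)?run:\s*(.*)$")
# Constructed sample workflow (not taken from any real repository).
WORKFLOW = """\
jobs:
  release:
    steps:
      - run: npm ci
      - name: direct publish (flagged)
        run: |
          npm run build
          npm publish --provenance
      - run: npm publish --dry-run
      - run: npm stage publish
"""

def is_direct_publish(command: str) -> bool:
    """True for a shell line that publishes for real via `npm publish`."""
    if command.lstrip().startswith("#"):
        return False  # shell comment, nothing runs
    return bool(NPM_PUBLISH.search(command)) and "--dry-run" not in command

def find_direct_npm_publish(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line number, command) for every run: line that calls npm publish
    directly. Line-based on purpose: inline and block (| or >) scalars only."""
    findings = []
    block_indent = None  # column of the `run` key while inside a block scalar
    for lineno, raw in enumerate(workflow_text.splitlines(), 1):
        stripped = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        m = RUN_KEY.match(stripped)
        if m:
            dash, body = m.group(1) or "", m.group(2)
            if re.fullmatch(r"[|>][-+0-9]*", body):
                block_indent = indent + len(dash)  # content is indented deeper
                continue
            block_indent = None
            if is_direct_publish(body):
                findings.append((lineno, body))
        elif block_indent is not None:
            if stripped and indent <= block_indent:
                block_indent = None  # dedent ends the block scalar
            elif is_direct_publish(stripped):
                findings.append((lineno, stripped))
    return findings
```

Running find_direct_npm_publish(WORKFLOW) reports only the publish inside the block scalar; the dry run and the staged publish are not flagged.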
🧡 New Opengrep release is here: v1.22.0
Highlights:
• More Dockerfile support improvements, including legacy syntax and BuildKit extensions
• Better support for Go interfaces
• LSP mode now supports the --taint-intrafile flag
• Improved the efficiency of pruning with --exclude
Full changelog: https://t.co/OyEwMb5bQQ
We ship every week. Catch you next release. 🫡
✨ New Opengrep release is here: v1.21.0
Highlights:
• Extended Dockerfile syntax support: correct handling of multiline strings, plus support for legacy syntax in ENV and LABEL
• Added support in C for GLib macros in variable definitions
• Support for more Elixir features (e.g. "abc" <> x and ^x patterns, case expressions)
• Fixes for patterns in function parameters in Clojure
Full changelog: https://t.co/SlBvXxox7t
We ship every week. Catch you next release 🫡
✨ Opengrep v1.20.0 is out.
Major improvements in this release:
• Improvements in taint analysis involving anonymous functions
• Better support for Structural Pattern Matching in Python
v1.19.0
• Elixir: taint is now traced through for comprehensions and the |> operator
• Ruby: fix in distinguishing between a variable and a parameterless function call
• Ruby: fix in obj[key] expressions, now correctly propagating taint