Bringing Semgrep Managed Scanning to GitLab: automated code scanning at scale
Blog post from Semgrep
Semgrep Managed Scanning now integrates with GitLab.com and GitLab Self-Managed, in addition to its existing support for GitHub.com and GitHub Enterprise, so AppSec teams can deploy code scanning without standing up scanning infrastructure of their own. The feature, currently in public beta, onboards repositories by connecting to GitLab Groups with an access token and registering the required GitLab webhooks; scans are then managed from the Semgrep side, with no internal servers and no CI/CD pipeline configuration to maintain.

Scanning runs on two cadences: a full scan of each repository every week, and a diff scan on every merge request. Findings are posted as merge request comments according to the Semgrep policy settings configured for the project.

By removing the overhead of maintaining CI pipelines, Semgrep Managed Scanning lets AppSec teams spend their time on higher-priority work while keeping repositories continuously scanned.
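The webhook-driven flow above (an event arrives for a merge request, the service authenticates it and schedules a diff scan against the MR's head commit) is easy to get wrong on the receiving side. The following is an added example written for this post, not Semgrep's code and not a description of how Semgrep Managed Scanning is implemented internally. It shows the two checks any GitLab webhook consumer needs before acting on an event: validating the shared secret GitLab sends in the `X-Gitlab-Token` header, and filtering on the `X-Gitlab-Event` header plus the merge request `action` so that only events that change reviewable code produce a scan. The secret value, the `plan_diff_scan` helper and the trimmed sample payloads are assumptions constructed for the example; the payload field names follow GitLab's "Merge Request Hook" format.

```python
import hmac
import json

# Constructed secret shared between GitLab and the receiver (hypothetical value;
# in practice this comes from the webhook configuration, never from source).
WEBHOOK_SECRET = "example-shared-secret"

# Constructed, minimal merge request event body shaped like GitLab's
# "Merge Request Hook" delivery, trimmed to the fields this handler reads.
SAMPLE_MR_EVENT = {
    "object_kind": "merge_request",
    "project": {"id": 42, "path_with_namespace": "example-group/example-app"},
    "object_attributes": {
        "iid": 7,
        "action": "update",
        "source_branch": "feature/login",
        "target_branch": "main",
        "last_commit": {"id": "0123456789abcdef0123456789abcdef01234567"},
    },
}

# Constructed push event body: a valid delivery, but not a merge request.
SAMPLE_PUSH_EVENT = {"object_kind": "push", "ref": "refs/heads/main"}

# Merge request actions worth a diff scan. A merge or close changes no code
# under review, so those deliveries are acknowledged and dropped.
SCAN_ACTIONS = {"open", "reopen", "update"}


def token_is_valid(headers, expected=WEBHOOK_SECRET):
    """Check the webhook secret.

    GitLab sends the configured secret verbatim in X-Gitlab-Token rather than
    an HMAC over the body, so the endpoint must be served over TLS and the
    comparison must be constant-time to avoid leaking the secret by timing.
    """
    presented = headers.get("X-Gitlab-Token", "")
    return hmac.compare_digest(presented.encode(), expected.encode())


def plan_diff_scan(headers, body):
    """Turn one webhook delivery into a diff-scan job or a reason to skip it.

    Returns (job, reason): job is a dict describing what to scan, or None when
    the delivery is rejected (bad token) or ignored (not a scannable MR event).
    """
    if not token_is_valid(headers):
        return None, "rejected: bad or missing X-Gitlab-Token"
    if headers.get("X-Gitlab-Event") != "Merge Request Hook":
        return None, "ignored: not a merge request event"

    event = json.loads(body) if isinstance(body, (str, bytes)) else body
    # Defence in depth: the header and the body must agree on the event kind.
    if event.get("object_kind") != "merge_request":
        return None, "ignored: header/body mismatch"

    attrs = event["object_attributes"]
    if attrs.get("action") not in SCAN_ACTIONS:
        return None, f"ignored: action {attrs.get('action')!r}"

    # Pin the scan to the MR head commit, not the branch name, so a later
    # push cannot change what was scanned after the job is queued.
    job = {
        "project": event["project"]["path_with_namespace"],
        "mr_iid": attrs["iid"],
        "base": attrs["target_branch"],
        "head": attrs["last_commit"]["id"],
        "scan_type": "diff",
    }
    return job, "scheduled"
```

In use, the function is called from the HTTP handler with the request headers and raw body, and a `None` job with a "rejected" reason should map to an HTTP 401 before any payload parsing happens. The weekly full scan the post describes is a separate scheduled job against the default branch and does not go through this webhook path at all.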