Expanding Semgrep Supply Chain into Dependency Intelligence and License Compliance
Blog post from Semgrep
Semgrep Supply Chain has added two features, Dependency Search and License Compliance, that extend it from vulnerability detection into broader dependency intelligence. Dependency Search lets users query their entire codebase for any dependency at any version, so a team can find every use of a package as soon as it is reported vulnerable rather than waiting for a CVE to be published; the post cites a Fortune 100 customer that used it to quickly locate potentially vulnerable packages. License Compliance flags dependencies with non-compliant licenses during pull requests, surfacing legal constraints at the point where a dependency is introduced rather than after it has shipped. Since launch, Semgrep Supply Chain has focused on reducing false positives and streamlining the management of open source vulnerabilities; these two features are the next step toward addressing supply chain problems beyond known vulnerabilities.
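To make the two capabilities concrete, here is an added, self-contained illustration of what a dependency search and a license check do over lockfiles. It is example code written for this summary, not Semgrep's implementation or API, and it goes a little beyond the post by handling two lockfile formats (a pinned requirements.txt and a lockfileVersion 2 package-lock.json). The sample lockfile contents, the version-range syntax (comma-separated clauses such as `>=1.26.0,<1.26.5`) and the license deny list are all constructed assumptions for the example.

```python
import json
import re
from typing import Iterator, List, Set, Tuple

# Constructed sample lockfiles for this example (not taken from any real project).
REQUIREMENTS_TXT = """\
requests==2.25.1
urllib3==1.26.4
# pinned for the build image
Flask==2.0.1
"""

PACKAGE_LOCK_JSON = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "sample-app"},
        "node_modules/lodash": {"version": "4.17.20", "license": "MIT"},
        "node_modules/left-pad": {"version": "1.3.0", "license": "WTFPL"},
        "node_modules/gpl-widget": {"version": "0.9.1", "license": "GPL-3.0"},
    },
})

Dep = Tuple[str, str, str]  # (name, version, declared license or "")

_CLAUSE_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9A-Za-z.\-]*)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.26.4' or '2.0.1rc1' into a comparable tuple of ints.
    Only the leading digits of each dot-separated part count; pre-release tags
    are dropped, which is adequate for the pinned versions found in lockfiles."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group(0)) if m else 0)
    return tuple(parts)


def _cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare version tuples after zero-padding, so (1, 26) == (1, 26, 0)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def version_in_range(version: str, spec: str) -> bool:
    """Check a pinned version against an assumed spec syntax of comma-separated
    clauses, e.g. '>=1.26.0,<1.26.5'. Every clause must hold."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported version clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        c = _cmp(v, bound)
        ok = {"<": c < 0, "<=": c <= 0, ">": c > 0,
              ">=": c >= 0, "==": c == 0, "!=": c != 0}[op]
        if not ok:
            return False
    return True


def deps_from_requirements(text: str) -> Iterator[Dep]:
    """Yield pinned 'name==version' entries from a requirements.txt.
    requirements.txt carries no license data, so that field is left empty."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        name, sep, version = line.partition("==")
        if sep:
            yield (name.strip().lower(), version.strip(), "")


def deps_from_package_lock(text: str) -> Iterator[Dep]:
    """Yield (name, version, license) from a lockfileVersion 2/3 package-lock.json,
    whose 'packages' map is keyed by install path ('node_modules/<name>')."""
    data = json.loads(text)
    for path, meta in data.get("packages", {}).items():
        if not path:  # the "" key is the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield (name.lower(), meta.get("version", ""), meta.get("license", ""))


def find_dependency(name: str, spec: str, deps: List[Dep]) -> List[Dep]:
    """Dependency search: every occurrence of `name` whose version satisfies `spec`."""
    return [d for d in deps if d[0] == name.lower() and version_in_range(d[1], spec)]


def license_violations(deps: List[Dep], denied: Set[str]) -> List[Dep]:
    """License compliance: dependencies whose declared license is on the deny list."""
    return [d for d in deps if d[2] in denied]


if __name__ == "__main__":
    all_deps = list(deps_from_requirements(REQUIREMENTS_TXT))
    all_deps += list(deps_from_package_lock(PACKAGE_LOCK_JSON))
    # Ask "do we use urllib3 anywhere in a range we believe is affected?"
    print(find_dependency("urllib3", ">=1.26.0,<1.26.5", all_deps))
    # Ask "does anything in the lockfile carry a license our policy rejects?"
    print(license_violations(all_deps, {"GPL-3.0", "AGPL-3.0"}))
```

The point of the search function is that the question is phrased as a package plus a version range, not as a CVE identifier: the moment a maintainer's advisory or a mailing-list report names an affected range, the same query runs without waiting for a database entry. The license check is deliberately a plain deny list evaluated per dependency, which is the shape of check that fits naturally into a pull-request gate.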