Introducing Semgrep for GitLab
Blog post from Semgrep
Semgrep is now integrated with GitLab through two pathways: GitLab SAST and Semgrep CI.

In GitLab SAST, Semgrep is now the default analyzer for JavaScript, TypeScript, and Python, replacing ESLint and Bandit. Because a single engine covers several languages, custom rules are written once in Semgrep's syntax instead of separately for each language-specific tool.

Through Semgrep CI, GitLab users add Semgrep as a job in their CI/CD pipeline, draw on more than 1,000 community-contributed rules from the Semgrep registry, and write custom rules in Semgrep's code-like pattern syntax. Findings are posted to merge request discussions, so they surface in the workflow developers already use, and running the job on merge request triggers keeps scans fast, since a merge request scan can be limited to the changed code.

GitLab plans to move more of its SAST analyzers to Semgrep and to extend support to additional languages, and it is contributing to the Semgrep open-source project and rule registry.
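The two pathways above side by side, as an added configuration example that is not part of the original post and not taken from Semgrep's or GitLab's own documentation. The image name `returntocorp/semgrep`, the rule file path `.semgrep/rules.yml`, the report file name and the rule itself are assumptions for illustration. A project normally picks one pathway; keeping both in the same pipeline would scan the code twice.

```yaml
# .gitlab-ci.yml (added example; names below are assumptions, see lead-in)

# Pathway 1: GitLab SAST. Including GitLab's SAST template is enough for
# GitLab to run its Semgrep-based analyzer on JavaScript, TypeScript and
# Python; no Semgrep-specific job is needed.
include:
  - template: Security/SAST.gitlab-ci.yml

# Pathway 2: Semgrep CI as an explicit job using the public Semgrep image.
semgrep:
  image: returntocorp/semgrep
  stage: test
  script:
    # p/ci is a registry ruleset; .semgrep/rules.yml holds the project's own
    # rules. --error fails the job when findings exist; --gitlab-sast writes
    # the report format GitLab renders in the merge request security widget.
    - semgrep --config p/ci --config .semgrep/rules.yml --error --gitlab-sast --output gl-semgrep-report.json .
  artifacts:
    # when: always keeps the report even though --error fails the job on findings.
    when: always
    reports:
      sast: gl-semgrep-report.json
  rules:
    # Only run on merge requests: each scan is tied to a review thread and
    # stays small.
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

---
# .semgrep/rules.yml (added example rule, assumed file). $FUNC is a
# metavariable matching any function name in the subprocess module; "..."
# matches any other arguments in any position, so shell=True is caught
# wherever it appears in the call.
rules:
  - id: python-subprocess-shell-true
    languages: [python]
    severity: ERROR
    message: subprocess.$FUNC is called with shell=True; pass an argument list and drop shell=True
    pattern: subprocess.$FUNC(..., shell=True, ...)
```

The second YAML document is the custom rule file the job references; with the `--error` flag a match in a merge request fails the pipeline, and the `--gitlab-sast` report is what makes the finding show up in the merge request rather than only in the job log.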