New insight into backlogs, developer engagement, and security posture

Semgrep has introduced enhanced reporting features to provide Application Security (AppSec) teams with greater clarity on production backlogs, developer engagement, and overall security posture. These updates include insights into the adoption of secure guardrails, which are designed to subtly guide developers towards secure coding practices without halting progress. The new reporting capabilities allow teams to track the effectiveness of secure guardrails by monitoring how many vulnerabilities are prevented in the developer workflow and how many findings are addressed before reaching production. Additional views include analyses of production backlogs, backlog activity, the most vulnerable projects, and the median age of open findings, offering a comprehensive understanding of security metrics. These tools aim to help AppSec teams validate the success of their "shift left" security initiatives and demonstrate positive trends in security management.