
Pain-free custom linting: why I moved from ESLint and Bandit to Semgrep

Blog post from Semgrep

Post Details

Company: Semgrep
Author: Ulziibayar Otgonbaatar
Word Count: 1,242
Language: English
Summary

Semgrep is an open-source static analysis tool that simplifies rule writing across multiple programming languages by letting developers express an analysis in the same shape as the code they are looking for, unlike traditional AST-based frameworks that require complex graph algorithms. Developed by r2c and originally designed at Facebook, Semgrep uses features such as metavariables, the ellipsis operator, and smart pattern matching to make code analysis concise and precise, reducing the boilerplate a rule needs. This approach not only makes static analysis more efficient, significantly lowering false positive rates, but also makes rules easy to adapt across languages. Semgrep's capabilities extend beyond pattern matching to type hints, module path awareness, and custom post-analysis filtering, making it a robust alternative to both AST-based and grep-based tools. Overall, Semgrep gives developers a more intuitive and efficient experience, especially when prototyping rules against real code, by removing the complexity of traditional code analysis methods.