Secure your code and protect your data flows with Riscosity and Semgrep

Riscosity and Semgrep joined forces to secure code and protect data flows.

Charrah Hardamon
Head of Marketing
Published on

Semgrep is a leading static application security testing (SAST) tool powered by an open-source community for surfacing bugs, discovering vulnerabilities, and enforcing code standards. Semgrep has scanned over 75 million packages, contributed to 2000 community rules, and supports over 30 coding languages. Riscosity is the leading data flow observability and security platform. This is why we’re excited to announce Ricosity’s new integration with Semgrep.

Combining SAST scans and data flow security brings a wealth of benefits: 

  • Mask and remediate findings in real time without engineering involvement
  • Automate SAST scans before build time to mitigate vulnerabilities entering the production environment
  • Implement data loss prevention (DLP) for every product line

Riscosity and Semgrep: How it works

Riscosity and Semgrep ensure that a team's code is secure during build time and while in transit. This integration starts with Semgrep ensuring the code is clean by continuously and programmatically running SAST scans. The next step is Riscosity building a comprehensive and accurate code catalog. These steps ensure that the code is clean, standardized, and protected as it is pushed to the production servers running the code. Then Riscosity will step in again, and intercept any traffic that’s listed in the catalog that violates any of the policies a team has created, layering in reliable data governance.

Getting Started

To get started, you’ll need an API token issued by Semgrep to enable Riscosity to retrieve SAST scan data and centralize it in the data flow security dashboard.

Step 1. Under Semgrep “Settings” tab head to “Tokens” to generate a new API token that has Agent (CLI) and Web API checked. If this is not checked the integration will not work properly.

Step 2. In the Riscosity dashboard head to the Integrations tab, select Connections, and click on the Semgrep icon.

Step 3. Enter the generated API token from Semgrep into the empty field within the Riscosity dashboard.

Step 4. Select “Perform SAST Scan” and any other actions like DLP detection from the pop up list.

Step 5. Confirm that Semgrep is running by heading to repositories and then Scan Log.

That’s it! 

Better Together

As a Semgrep partner, we are working together to keep your code stack secure. Using a combined approach makes it easier to find and fix issues before and after build time without any manual development resources. Using Riscosity and Semgrep will empower teams to:

  • Easily manage risks throughout the software development life cycle (SDLC)
  • Implement data governance for all outbound API exchanges
  • Integrate automation into their software delivery pipelines

Ready to simplify how your team discovers and remediates issues in open source and production code? Schedule a time to speak with an expert today and find out how the Riscosity and Semgrep integration can help your team.