January 24, 2023 - 5:00 pm CET

Virtual Meetup with Yoann Padioleau

Abstract

Semgrep is a fast, polyglot, open-source (https://github.com/returntocorp/semgrep) static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Its rules look like the code you already write: no abstract syntax trees, regex wrestling, or painful DSLs. It currently supports 26 programming languages (e.g., Java, Go, Python, C++, Ruby, etc.) and, with 1,000+ existing rules and simple-to-create custom ones, it finds the bugs that matter. Semgrep can run anywhere: in CI, in your editor, or on the command line. Plus, with dedicated infrastructure from r2c, the company behind Semgrep, it is easy to deploy, manage, and monitor Semgrep at scale. Semgrep can also run in the browser thanks to its interactive playground (https://semgrep.dev/playground), making it easy for newcomers to learn and experiment with Semgrep. This talk will present Semgrep, its history, main features, and the ecosystem around it (playground, web app, GitHub integration). It will also briefly present some implementation details, such as how Semgrep solves language engineering problems using tree-sitter, a parser library developed by GitHub.
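As an added illustration of what "rules look like the code you already write" means (this is not a rule from the talk or from Semgrep's rule registry), here is a Semgrep rule that uses metavariables (`$FUNC`, `$CMD`) and ellipses (`...`) to flag Python subprocess calls that enable a shell with a non-literal command; the rule id and message are my own choices.

```yaml
rules:
  - id: example-subprocess-shell-true-nonliteral
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is invoked with shell=True and a command that is not a
      string literal; pass an argument list and drop shell=True so the command
      cannot be altered by untrusted input.
    patterns:
      # The pattern reads like Python: "..." stands for any other arguments,
      # $FUNC binds to call/run/Popen/... and $CMD to the first argument.
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      # Exclude the benign case where the command is a fixed string literal
      # ("..." inside quotes matches any string literal in Semgrep syntax).
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
    # Constructed examples of what this rule does and does not report:
    #   subprocess.call("ls -l", shell=True)          -> not reported (literal)
    #   subprocess.run(cmd, shell=True, check=True)   -> reported ($CMD = cmd)
    #   subprocess.Popen(["ls", "-l"])                -> not reported (no shell)
```

Paste the rule and a few lines of Python into the playground linked above to see the matches highlighted inline.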

Biography

Yoann Padioleau is a staff software engineer at r2c (https://r2c.dev), a startup whose mission is to profoundly improve software security and reliability. He is the main creator of Semgrep (https://semgrep.dev), a polyglot, customizable bug-finding tool now used by thousands of companies (e.g., Dropbox, Slack, Netflix, Snowflake, Figma) and by hundreds of thousands of developers around the world. Before r2c, he worked at Facebook, where he started the program analysis group. He was also a founding member of the test engineering and application security (AppSec) teams there. Before Facebook, he was a PhD student and postdoc in academia, where he developed, among other things, Coccinelle (https://coccinelle.gitlabpages.inria.fr/website/), a code refactoring tool for the Linux kernel. Some of the ideas in Semgrep can actually be traced back to his work on Coccinelle. He enjoys coding almost exclusively in OCaml, and when he is not coding he enjoys the good food and family life in Italy, where he lives.

How to join the event:

To avoid security issues, it is now necessary to register for the meeting. Registration should be needed only once and remain valid for all future meetings you participate in. Follow these steps:

  1. Register with the community on the Homepage.
  2. You will receive a confirmation email containing all the information needed to join the meeting.
  3. Add the event to your calendar.
  4. Enjoy the talk and, if you feel like it, discuss it further on the community forum.