Synopsis
“Security teams can now leverage the power of Semgrep to analyze code and receive recommendations and context from PullRequest reviewers. This partnership facilitates human-in-the-loop testing to foster collaboration between security and development teams, leading to increased agility, scalability, and accuracy of the entire code review process.”
HackerOne has partnered with code security solution Semgrep to combine its automated security tools with the support of HackerOne PullRequest code reviewers.
PullRequest to Empower Security Teams
Security teams can now leverage the power of Semgrep to analyze code and receive recommendations and context from PullRequest reviewers. This partnership facilitates human-in-the-loop testing to foster collaboration between security and development teams, leading to increased agility, scalability, and accuracy of the entire code review process.
Many modern development teams still face challenges due to false positives from automated tools, which can slow down the development process. On the other hand, a thorough code review may not be scalable for high-velocity teams. To address these issues, HackerOne and Semgrep have collaborated to create a solution that integrates seamlessly within pull requests and existing workflows. This solution is designed to fit the increasingly collaborative structure of modern development teams and provide relevant and actionable results without causing any disruption to the workflow.
Semgrep uses a combination of Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secret scanning to identify security risks in code. PullRequest code reviewers then evaluate the reports and provide context, specific remediations, and answers to questions. This helps teams take quick and appropriate action on any security risks that are identified.
“Security teams need solutions that match the agility of the modern development teams they support,” said Alex Rice, founder of HackerOne. “Our partnership with Semgrep ensures software teams get the right insights at the right time in their existing workflows — all with context from human reviewers, so developers spend more time writing trustworthy code and less time fighting security tools.”