JobCannon

Semgrep Static Analysis

- Tier: 🔥 Tier 2
- Category: Tech
- Salary Impact: +$20–40k
- Complexity: Medium
- Used in: All careers

Semgrep is a static application security testing (SAST) tool that finds bugs and security vulnerabilities by matching patterns against source code. It supports many languages, runs locally or in CI/CD, and produces fewer false positives than other SAST tools. Unlike heavyweight SAST products such as SonarQube and Checkmarx, Semgrep is lightweight, open source, and designed to run on every commit in continuous integration. Rules are written in a simple, readable YAML syntax.
