The most advanced code security (SAST) engine - fully open-source. No paywall, no login.

Joined January 2024
Pinned Tweet
24 Mar 2025
We ship every week. Follow along the public roadmap /opengrep/issues What's shipped so far: ✅ windows compatibility (beta) ✅ fingerprints & metavariables restored (SARIF & JSON) ✅ desktop app for rule crafting ⏭️ elixir support ⏭️ cross-file analysis ⌛️inter-file...
24 Mar 2025
Are people still talking about opengrep? I thought that was a silly mistake we laughed at as an industry and went back to Semgrep, no?
Opengrep retweeted
npm recently introduced staged publishing, and it directly targets the attack pattern behind most of the supply chain compromises we tracked this year. Instead of npm publish pushing packages live instantly, npm stage publish puts them in a queue. A human with 2FA has to approve, preventing attackers from pushing malicious package versions with stolen tokens. We open-sourced a SAST rule that catches "npm publish" in your GitHub Actions workflows and flags it for migration.
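The workflow check described in the retweet above, as an added example rule written for this page: it is not the rule the post says was open-sourced, and the rule id, message text, metadata and path filters are my own assumptions. It flags any `run:` step whose command contains `npm publish`, the pattern the post says should be migrated to staged publishing, and skips `--dry-run` invocations because those never push a version.

```yaml
# Added example rule, not the rule referred to in the post.
# Assumptions: rule id, message, metadata and path filters are mine.
rules:
  - id: github-actions-unstaged-npm-publish
    languages: [yaml]
    severity: WARNING
    message: >-
      This workflow step runs "npm publish", which pushes a package version
      live the moment the job holds a valid token. Migrate the release job to
      npm's staged publishing so a human with 2FA has to approve the release.
    metadata:
      category: security
    paths:
      include:
        - .github/workflows/*.yml
        - .github/workflows/*.yaml
    patterns:
      # Match the command of any step, including multi-line "run: |" blocks.
      - pattern: |
          run: $CMD
      # Only flag commands that publish for real; "--dry-run" never pushes,
      # so leaving it alone keeps the finding list actionable.
      - metavariable-regex:
          metavariable: $CMD
          regex: (?s)^(?!.*--dry-run).*\bnpm\s+publish\b.*
```

Save the rule as a file and point the scanner at it with the Semgrep-style `--config` invocation Opengrep inherits (for example `opengrep scan --config unstaged-npm-publish.yaml .`); a hit means the release job still publishes directly and is a candidate for migration, not necessarily a compromise.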
🧡 New Opengrep release is here: v1.22.0 Highlights: • More Dockerfile support improvements, including legacy syntax and BuildKit extensions • Better support for Go interfaces
• A fix for a bug that caused taint to be dropped in some collection functions when using --taint-intrafile Full changelog: github.com/opengrep/opengrep… We ship every week. Catch you next release 🫡
✨ New Opengrep release is here: v1.21.0 Highlights: • Extended Dockerfile syntax support: correct handling of multiline strings, plus support for legacy syntax in ENV and LABEL • Added support in C for GLib macros in variable definitions
• LSP mode now supports the --taint-intrafile flag • Improved the efficiency of pruning with --exclude Full changelog: github.com/opengrep/opengrep… We ship every week. Catch you next release. 🫡
yes, @openclaw uses Opengrep
✨ Opengrep v1.20.0 is out. Major improvements in this release: • Improvements in taint analysis involving anonymous functions • Better support for Structural Pattern Matching in Python
• Support for more Elixir features (e.g. "abc" <> x and ^x patterns, case expressions) • Fixes for patterns in function parameters in Clojure Full changelog: github.com/opengrep/opengrep… We ship every week. Catch you next release 🫡
✨Three new Opengrep releases are out: v1.17.0 → v1.19.0 A lot shipped across these releases, with a strong focus on taint analysis and Elixir support.
v1.19.0 • Elixir: taint is now traced through for comprehensions and the |> operator • Ruby: fix in distinguishing between a variable and a parameterless function call • Ruby: fix in obj[key] expressions, now correctly propagating taint
⚡ Opengrep is now the only SAST engine with Brainf*ck support We did it. We added Brainf*ck to Opengrep. No, we’re not sorry. While other tools are still catching up on modern languages, we asked a different question: what about developers writing production code in Brainf*ck?
✨ Opengrep v1.16.5 is here. Highlights: • Improvements in recognizing language-specific built-in functions in intrafile tainting • Elixir: support for multi-clause functions and interpolated strings Full changelog: github.com/opengrep/opengrep…
✨ Opengrep v1.16.4 is out. This release improves stability when installing and running Opengrep, especially in containerized environments. Fixes include: • Improvements to the install script • Better handling of non-UTF-8 characters in the Python CLI