HackerOne and Semgrep Partner to Streamline Code Review for Modern Development

HackerOne, the leader in human-powered security, today announced a partnership with code security solution Semgrep to combine Semgrep’s automated code security tools with expert support from HackerOne PullRequest code reviewers. Security teams can now analyze code through Semgrep and have PullRequest reviewers validate results to provide recommendations and context. The partnership enables human-in-the-loop testing that improves collaboration between security and development teams and increases the agility, scalability, and accuracy of the entire code review process.

“Friction between development and code security workflows remains a challenge as development assumes more security responsibility,” said Isaac Evans, co-founder and CEO of Semgrep. “But for teams to remain agile and secure, security and development must work closely together. Our joint solution keeps both teams in mind, so workflows stay collaborative and quality code ships faster.”

Modern development teams continue to experience false positives from automated tools that hinder speed, while quality code review can lack scalability for high-velocity teams. HackerOne and Semgrep’s solution integrates natively within pull requests and existing workflows, helping it conform to modern development’s increasingly collaborative structure to deliver relevant and actionable results without disrupting work.

Semgrep uses Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secrets scanning to reveal security risks, which PullRequest code reviewers then evaluate to validate reports, provide context, offer specific remediations, and respond to queries so teams can take action quickly.

“Security teams need solutions that match the agility of the modern development teams they support,” said Alex Rice, founder of HackerOne. “Our partnership with Semgrep ensures software teams get the right insights at the right time in their existing workflows — all with context from human reviewers, so developers spend more time writing trustworthy code and less time fighting security tools.”

TalkDev Bureau