We want to demo the static analysis tool Semgrep. In the demo we will:
Connect Semgrep to a GitHub repository
Run Semgrep on the repository with the default rule set
Show and explain the findings Semgrep reports (rule id, location, severity and message)
Write a custom rule and run it with Semgrep
We will also explain why static analysis tools matter for DevSecOps.
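The four steps above, as one runnable scaffold. This is example code added for this page, not part of the proposal or of Semgrep itself. It assumes that semgrep is installed (pip install semgrep) and that the registry rule set can be fetched over the network; DEMO_DIR is an assumed scratch directory, and the Flask handler in app.py is a constructed, deliberately vulnerable sample. The custom rule is the assignment's step 4: it flags any subprocess call with shell=True whose command is not a plain string literal, which is the command-injection shape the default rule set also looks for.

```shell
#!/bin/sh
# Added demo scaffold for the proposal's four steps (example code written for
# this page, not the proposal's own). Assumes: `semgrep` on PATH, network
# access for the registry rule set, DEMO_DIR as scratch directory.
set -eu

DEMO_DIR="${DEMO_DIR:-./semgrep-demo}"

# Constructed sample target: a Flask handler that builds a shell command from
# user input (deliberately vulnerable, for the demo only).
write_sample() {
  mkdir -p "$DEMO_DIR"
  cat > "$DEMO_DIR/app.py" <<'EOF'
import subprocess
from flask import Flask, request

app = Flask(__name__)

@app.route("/ping")
def ping():
    host = request.args.get("host", "127.0.0.1")
    # Vulnerable: user input is concatenated into a shell command.
    return subprocess.check_output("ping -c 1 " + host, shell=True)

def version():
    # Safe: literal command, so the custom rule must not flag this line.
    return subprocess.check_output("ping -V", shell=True)
EOF
}

# Step 4: a custom rule. $FUNC and $CMD are Semgrep metavariables; "..." in
# pattern-not matches any string literal, so only non-literal commands fire.
write_rule() {
  mkdir -p "$DEMO_DIR"
  cat > "$DEMO_DIR/no-shell-true.yml" <<'EOF'
rules:
  - id: subprocess-shell-true-nonliteral
    languages: [python]
    severity: ERROR
    message: >-
      subprocess.$FUNC is called with shell=True and a non-literal command.
      If any part of it is user-controlled this is OS command injection;
      pass an argument list and drop shell=True.
    metadata:
      cwe: "CWE-78"
      category: security
    patterns:
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
EOF
}

# Step 1: a GitHub Actions workflow that runs Semgrep on every push and pull
# request with the registry rule set plus the custom rule; --error fails the
# job when there are findings. The image name is Semgrep's published one.
write_workflow() {
  mkdir -p "$DEMO_DIR/.github/workflows"
  cat > "$DEMO_DIR/.github/workflows/semgrep.yml" <<'EOF'
name: semgrep
on: [push, pull_request]
jobs:
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      - run: semgrep --config p/default --config no-shell-true.yml --error .
EOF
}

# Steps 2 and 3: run the default rule set, then the custom rule with JSON
# output; each finding carries check_id, path, start/end line, severity and
# the rule's message, which is what the demo walks through.
run_semgrep() {
  if ! command -v semgrep >/dev/null 2>&1; then
    echo "semgrep not installed; files written to $DEMO_DIR only" >&2
    return 0
  fi
  semgrep --config p/default "$DEMO_DIR" || echo "registry scan failed (offline?)" >&2
  semgrep --config "$DEMO_DIR/no-shell-true.yml" --json "$DEMO_DIR" > "$DEMO_DIR/findings.json"
}

write_sample
write_rule
write_workflow
run_semgrep
```

Run it with `sh demo.sh`; with semgrep installed, the custom rule reports exactly one finding (the ping handler) and leaves the literal-command call in version() alone, which is the check to show when explaining pattern versus pattern-not.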
Relevance
Hundreds of vulnerability classes exist, so it is unrealistic to expect the average developer to know and remember all of them. Knowing why and how to use static analysis tools to find vulnerabilities is therefore important: a tool like Semgrep encodes that knowledge as rules that run on every change, so a class of bug only has to be described once.
Assignment Proposal
Title
Using Semgrep to find vulnerabilities
Names and KTH ID
Deadline
Category
Description
Relevance