Semgrep Video Library

Browse our library of on-demand videos, including testimonials, industry information, and tutorials.

Featured Videos
Featured Videos

Semgrep Summer ‘25 Release Highlights

Secure Coding

How to do Secure Code Review with Vibe Coding IDEs

Application Security

AI Meets AppSec: Real vs. Hype?

Application Security

MCP: Model, Context… Propaganda? What security teams need to know about the latest hyped up AI tech

All Videos
All Announcements Application Security Best Practices Community Open Source Secure Coding Security Research
security

A Practical Approach to Secure Guardrails

security

AI-Powered AppSec: Automating Prioritization, Triage, and Remediation

best-practices

Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation

Announcements

Boost Development with Semgrep Assistant: Your Personal AI Security Engineer

best-practices

CISO Perspectives: The Role of AI in Security & Compliance

Announcements

Coding Securely Doesn’t Have to Be Boring: A Fireside Chat with Laura Bell Main

Announcements

Common Vulnerabilities in GitHub Actions - And How to Protect Against Them

community

Engineering a Safer Future at LaunchDarkly

Announcements

Fireside Chat: Burning Down Organizational Risk

security

Founder Friday: re:Invent Reflections and AI Predictions

Announcements

From Code to Cloud: Build Securely at Scale - Powered by AWS & Semgrep

security

Going Beyond the Benchmarks: Detecting Real-World JavaScript Vulnerabilities at Scale with Semgrep

best-practices

How Fintechs Can Balance Innovation and Compliance

Announcements

How to Choose the Right SAST Solution Practical Insights from Security Experts

best-practices

How to Swim in the Ocean of SCA

Announcements

Mastering Security Headers with Scott Helme & Tanya Janca

community

Modern Security Podcast: Bridging Security & Productivity with Systems Thinking

community

Privacy by Design: Making Threat Modeling Work for Data Protection

security

Real-World AppSec: What Actually Works in Practice

security

Redefining Security Investment: SAST Scans and DFPM

Announcements

Scaling SAST with AI – How esure Built Secure Development at Speed

announcements

See What We’re Unveiling at Black Hat—Before Anyone Else

Announcements

Semgrep RuleWriting 201

announcements

Semgrep Spring '25 Release Highlights

security

Static analysis + LLMs: Making shift left finally work Webinar

security

Tainted Love: A Deep Dive into Semgrep’s Taint Mode Workshop

security

The End of Static Security: How Context-Aware AI Is Changing SAST Forever

Announcements

The False Positives That SAST Tools Always Flag

community

The Modern Security Podcast: The Art of Secure Guardrails: Lessons from GitHub

Announcements

Top 5 Metrics for Effective Security Leadership

open-sources

Using Artificial Intelligence, Safely

community

Who Makes the Rules?

community

Winning Friends & Influencing Developers with Sandesh Anand

application-security

Assistant Memories Interactive Demo

application-security

[LATAM webinar] Rewriting the Rules of Static Analysis with AI

Announcements

10xing your AppSec Program with AI and LLMs
Announcements

A Practical Approach to Secure Guardrails
application-security

AI Meets AppSec: Real vs. Hype?

Announcements

AI-Powered AppSec: Automating Prioritization, Triage, and Remediation
best-practices

Application Security Is Eating Cloud Security for Lunch

secure-coding

Artificial Risks: AI, Games, and Threats

Announcements

Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation
community

Best Practices and Innovations in Software Supply Chain Security

Announcements

Boost Development with Semgrep Assistant: Your Personal AI Security Engineer
application-security

Breaking the False Positive Cycle: How Semgrep Helps Security Engineers Move Faster

community

Building a Successful Security Champions Program: What Does it Take?

secure-coding

Case of the common vulnerability? Secure guardrails can help!

security

Clint Collabs: Chris Hughes and Securing your Software Supply Chain

best-practices

Clint Collabs: Jason Chan on the Origin of the Paved Road

community

Clint Collabs: Netflix’s Scott Behrens on the Difficulty of Building a Useful Paved Road & Where to Start

community

Collaborating with Development Teams: How to Successfully Implement and Enforce Secure Guardrails

application-security

Ditch the Distractions: Adaptive Noise Canceling for Code Scanning

best-practices

Down with the CISO with Nathan Case, CISO of Corsha

application-security

EMEA: 10xing your AppSec Program with AI and LLMs

announcements

EMEA: New Features – AI-powered Memories & Enterprise-ready Scanning

Announcements

EMEA: Top 5 Metrics for Effective Security Leadership
best-practices

Empower Your Builders: A Fireside Chat on Practical AppSec

announcements

Exclusive Preview of RSA 2025

Announcements

Fireside Chat: Burning Down Organizational Risk
best-practices

Fireside Chat: Protecting Your Digital Security with Leigh Honeywell

application-security

Floating the goat: How to use DevSecOps to secure OWASP WebGoat

Announcements

Founder Friday: re:Invent Reflections and AI Predictions
Announcements

Getting started with Semgrep Secrets
Announcements

Going Beyond the Benchmarks: Detecting Real-World JavaScript Vulnerabilities at Scale with Semgrep
open-sources

How Merge finds and fixes vulnerabilities that matter

secure-coding

How to Build the Ideal Security Workflow for Developers

Announcements

How to Choose the Right SAST Solution: Practical Insights from Security Experts
secure-coding

How to do Secure Code Review with Vibe Coding IDEs

Announcements

How to Swim in The Ocean of SCA
application-security

How to take a guardrails approach to SAST with Semgrep Code

security

How we implemented inter-file analysis to find the vulnerabilities that matter

application-security

How Yext built a vulnerability management program from scratch using Semgrep

Announcements

Mastering Security Headers with Scott Helme & Tanya Janca
best-practices

Maturing Your Threat Modeling Skills

application-security

MCP: Model, Context… Propaganda? What security teams need to know about the latest hyped up AI tech

application-security

Remediating your vulnerability backlog at scale with AI

Announcements

Scaling SAST with AI – How esure Built Secure Development at Speed

Announcements

Scaling Securely: How Fintechs Can Stay Ahead of Threats & Regulations
Announcements

Secure Coding Training
secure-coding

Secure Guardrails Fundamentals: External Entity Injection

Announcements

Secure Guardrails Fundamentals: External Entity Injection - EMEA
open-sources

Secure Open Source Dependencies with Semgrep Supply Chain

Announcements

Secure Vibe Coding: Real-Time AI Guardrails with Semgrep MCP
application-security

Securing Solo: Maximize Your AppSec Efficiency and Cut the Noise

Announcements

Security Unplugged: Expert Insights Live from RSA
announcements

See What We’re Unveiling at Black Hat—Before Anyone Else

Announcements

Semgrep Rule Writing 101 & 201
Announcements

Semgrep Summer ‘25 Release Highlights

best-practices

Skynet or WALL-E? How AI is changing work for Security teams

open-sources

Software Supply Chain Security; More Than Just Dependencies

Announcements

Static analysis + LLMs: Making shift left finally work
Announcements

Supercharge Shift Left: Static Analysis, LLMs, & Memories
secure-coding

The Rules

secure-coding

The Rules - October Session

secure-coding

The Rules September

application-security

Training 101: Intro to Pro Engine

application-security

Training 101: Intro to Semgrep Supply Chain

application-security

Training 201: Understanding Reachability on Github with Semgrep Supply Chain

Announcements

Using Artificial Intelligence, Safely
secure-coding

Vibe Coding, But Make it Safe

Announcements

Who Makes the Rules?
Announcements

Workshop: Teaching Semgrep Assistant to filter out the noise with memories
best-practices

You Should Be Using AI for AppSec