Opengrep v1.24.0 released
By SecBurg
Opengrep is a community-driven, open-source SAST engine that forked from Semgrep after Semgrep locked key scanning capabilities behind a commercial license. Backed by a consortium of 10+ appsec organizations, it offers inter-procedural and cross-file analysis with SARIF/JSON output.
Opengrep v1.24.0 is out with language fixes for C# and Java, engine improvements, and security-related dependency bumps.
Language support:
- C#: Translation fixes
- Java: Fixes in Java -> AST
Improvements:
- test(pyopengrep): default --test to no timeout
Engine:
- Extend pattern_to_expr: ellipsis and pat-typed
- Represent Taint_set as a Map keyed by taint identity
Security:
- Fix Aikido security findings: bump setuptools/urllib3, pin cosign, bump dependencies
Documentation:
- Crystal: Update README after releasing support for Crystal
- Update sponsors
Contributors: corneliuhoffman, maciejpirog, dimitris-m
Full release notes: github.com/opengrep/opengrep/releases/tag/v1.24.0