Opengrep v1.25.0 released
By SecBurg
UPDATE
Opengrep v1.25.0 is out with several Dart translation fixes and a PHP lexer fix.
Improvements:
- Dart: Multiple translation fixes
- Dart: Support for dot-access-ellipsis
- Dart: Ellipsis as a valid class member in patterns
- Dart: Translate cascade expression to dot-accesses
- Dart: Fix argument patterns
- PHP: Lex non-ASCII bytes in identifiers
Full release notes: github.com/opengrep/opengrep/releases/tag/v1.25.0
Opengrep is a community-driven, open-source SAST engine that forked from Semgrep after Semgrep locked key scanning capabilities behind a commercial license. Backed by a consortium of 10+ appsec organizations, it offers inter-procedural and cross-file analysis with SARIF/JSON output.
Opengrep v1.24.0 is out with language fixes for C# and Java, engine improvements, and security dependency bumps.
Language support:
- C#: Translation fixes
- Java: Fixes in Java -> AST
Improvements:
- test(pyopengrep): default --test to no timeout
Engine:
- Extend pattern_to_expr: ellipsis and pat-typed
- Represent Taint_set as a Map keyed by taint identity
Security:
- Fix Aikido security findings: bump setuptools/urllib3, pin cosign, bump dependencies
Documentation:
- Crystal: Update README after releasing the support for Crystal
- Update sponsors
Contributors: corneliuhoffman, maciejpirog, dimitris-m
Full release notes: github.com/opengrep/opengrep/releases/tag/v1.24.0