Hacker News
- Ignore 98% of dependency alerts: introducing Semgrep Supply Chain https://r2c.dev/blog/2022/introducing-semgrep-supply-chain/ 59 comments
- Should random() be banned? https://r2c.dev/blog/2021/should-random-be-banned/ 205 comments
- When DevSecOps goes wrong: a short lesson from Huawei's source code https://r2c.dev/blog/2020/when-devsecops-goes-wrong-a-short-lesson-from-huaweis-source-code/ 22 comments
- Introducing Semgrep and r2c https://r2c.dev/blog/2020/introducing-semgrep-and-r2c/ 21 comments
- Not all attacks are equal: understanding and preventing DoS in web applications https://r2c.dev/blog/2020/understanding-and-preventing-dos-in-web-apps/ 13 comments
- Hardcoded secrets, unverified tokens, and other common JWT mistakes https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ 82 comments
Lobsters
- Software supply chain security is hard https://r2c.dev/blog/2022/software-supply-chain-security-is-hard/ 11 comments security
- Introducing DeepSemgrep https://r2c.dev/blog/2022/introducing-deepSemgrep/ 2 comments security
- The best free, open-source supply-chain security tool? The lockfile https://r2c.dev/blog/2022/the-best-free-open-source-supply-chain-tool-the-lockfile/ 13 comments security
- Should random() be banned? https://r2c.dev/blog/2021/should-random-be-banned/ 11 comments practices, security
- Introducing Semgrep and r2c https://r2c.dev/blog/2020/introducing-semgrep-and-r2c/ 5 comments programming, release, security
- The best free, open-source supply-chain security tool? The lockfile https://r2c.dev/blog/2022/the-best-free-open-source-supply-chain-tool-the-lockfile/ 5 comments netsec
- Don't leak your secrets https://r2c.dev/blog/2021/dont-leak-your-secrets/ 10 comments netsec
- When DevSecOps goes wrong: a short lesson from Huawei's source code https://r2c.dev/blog/2020/when-devsecops-goes-wrong-a-short-lesson-from-huaweis-source-code/ 5 comments netsec
- Exploiting dynamic rendering engines to take control of web apps https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/ 8 comments netsec
- Not all attacks are equal: understanding and preventing DoS in web applications https://r2c.dev/blog/2020/understanding-and-preventing-dos-in-web-apps/ 3 comments netsec
- Type-awareness in semantic grep https://r2c.dev/blog/2020/type-awareness-in-semantic-grep/ 4 comments netsec
- Hardcoded secrets, unverified tokens, and other common JWT mistakes https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ 6 comments programming
Linking pages
- GitHub - returntocorp/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. https://github.com/returntocorp/semgrep 55 comments
- GitHub - mgaudet/CompilerJobs: A listing of compiler, language and runtime teams for people looking for jobs in this area https://github.com/mgaudet/CompilerJobs 10 comments
- GitHub - CrowdDotDev/awesome-oss-investors: Awesome list of VCs investing in commercial open-source startups 💸 https://github.com/CrowdDotDev/awesome-oss-investors 8 comments
- Syntax highlighting on the web | Joel Gustafson https://joelgustafson.com/posts/2022-05-31/syntax-highlighting-on-the-web 5 comments
- GitHub - returntocorp/semgrep-rules: Semgrep rules registry https://github.com/returntocorp/semgrep-rules 0 comments
- Bringing Security along on the CI/CD journey - Jacob Kaplan-Moss https://jacobian.org/2021/jan/11/security-ci-cd/ 0 comments
- Semgrep 👀 - by Stephen Whitworth - High Growth Engineering https://highgrowthengineering.substack.com/p/semgrep- 0 comments