Semgrep Video Library

Browse our library of on-demand videos, including testimonials, industry information, and tutorials.

Featured Videos
Featured Videos

How to do Secure Code Review with Vibe Coding IDEs

Best Practices
All Videos
All Announcements Best Practices Community Development Open Sources Security Tips and Tricks
security

A Practical Approach to Secure Guardrails

security

AI-Powered AppSec: Automating Prioritization, Triage, and Remediation

best-practices

Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation

development

Boost Development with Semgrep Assistant: Your Personal AI Security Engineer

best-practices

CISO Perspectives: The Role of AI in Security & Compliance

tips-and-tricks

Coding Securely Doesn’t Have to Be Boring: A Fireside Chat with Laura Bell Main

tips-and-tricks

Common Vulnerabilities in GitHub Actions - And How to Protect Against Them

community

Engineering a Safer Future at LaunchDarkly

tips-and-tricks

Fireside Chat: Burning Down Organizational Risk

security

Founder Friday: re:Invent Reflections and AI Predictions

tips-and-tricks

From Code to Cloud: Build Securely at Scale - Powered by AWS & Semgrep

security

Going Beyond the Benchmarks: Detecting Real-World JavaScript Vulnerabilities at Scale with Semgrep

best-practices

How Fintechs Can Balance Innovation and Compliance

tips-and-tricks

How to Choose the Right SAST Solution Practical Insights from Security Experts

best-practices

How to Swim in the Ocean of SCA

tips-and-tricks

Mastering Security Headers with Scott Helme & Tanya Janca

community

Modern Security Podcast: Bridging Security & Productivity with Systems Thinking

community

Privacy by Design: Making Threat Modeling Work for Data Protection

security

Real-World AppSec: What Actually Works in Practice

security

Redefining Security Investment: SAST Scans and DFPM

development

Scaling SAST with AI – How esure Built Secure Development at Speed

announcements

See What We’re Unveiling at Black Hat—Before Anyone Else

development

Semgrep RuleWriting 201

announcements

Semgrep Spring '25 Release Highlights

security

Static analysis + LLMs: Making shift left finally work Webinar

security

Tainted Love: A Deep Dive into Semgrep’s Taint Mode Workshop

security

The End of Static Security: How Context-Aware AI Is Changing SAST Forever

tips-and-tricks

The False Positives That SAST Tools Always Flag

community

The Modern Security Podcast: The Art of Secure Guardrails: Lessons from GitHub

tips-and-tricks

Top 5 Metrics for Effective Security Leadership

open-sources

Using Artificial Intelligence, Safely

community

Who Makes the Rules?

community

Winning Friends & Influencing Developers with Sandesh Anand

best-practices

[LATAM webinar] Rewriting the Rules of Static Analysis with AI test

Announcements

10xing your AppSec Program with AI and LLMs
Announcements

A Practical Approach to Secure Guardrails
Announcements

AI Meets AppSec: Real vs. Hype?
Announcements

AI-Powered AppSec: Automating Prioritization, Triage, and Remediation
security

Application Security Is Eating Cloud Security for Lunch

community

Artificial Risks: AI, Games, and Threats

Announcements

Ashley Test Coding Securely Doesn’t Have to Be Boring: A Fireside Chat with Laura Bell Main (Duplicated)

Announcements

Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation
best-practices

Best Practices and Innovations in Software Supply Chain Security

Announcements

Boost Development with Semgrep Assistant: Your Personal AI Security Engineer
community

Building a Successful Security Champions Program: What Does it Take?

security

Case of the common vulnerability? Secure guardrails can help!

community

Clint Collabs: Chris Hughes and Securing your Software Supply Chain

community

Clint Collabs: Jason Chan on the Origin of the Paved Road

community

Clint Collabs: Netflix’s Scott Behrens on the Difficulty of Building a Useful Paved Road & Where to Start

community

Collaborating with Development Teams: How to Successfully Implement and Enforce Secure Guardrails

security

Ditch the Distractions: Adaptive Noise Canceling for Code Scanning

community

Down with the CISO with Nathan Case, CISO of Corsha

security

EMEA: 10xing your AppSec Program with AI and LLMs

community

EMEA: New Features – AI-powered Memories & Enterprise-ready Scanning

Announcements

Empower Your Builders: A Fireside Chat on Practical AppSec
announcements

Exclusive Preview of RSA 2025

Announcements

Fireside Chat: Burning Down Organizational Risk
security

Fireside Chat: Protecting Your Digital Security with Leigh Honeywell

open-sources

Floating the goat: How to use DevSecOps to secure OWASP WebGoat

Announcements

Founder Friday: re:Invent Reflections and AI Predictions
Announcements

From Code to Cloud: Build Securely at Scale - Powered by AWS & Semgrep
Announcements

Getting started with Semgrep Secrets
Announcements

Going Beyond the Benchmarks: Detecting Real-World JavaScript Vulnerabilities at Scale with Semgrep
best-practices

How Merge finds and fixes vulnerabilities that matter

development

How to Build the Ideal Security Workflow for Developers

Announcements

How to Choose the Right SAST Solution: Practical Insights from Security Experts
best-practices

How to do Secure Code Review with Vibe Coding IDEs

Announcements

How to Swim in The Ocean of SCA
security

How to take a guardrails approach to SAST with Semgrep Code

security

How we implemented inter-file analysis to find the vulnerabilities that matter

best-practices

How Yext built a vulnerability management program from scratch using Semgrep

Announcements

Mastering Security Headers with Scott Helme & Tanya Janca
security

Maturing Your Threat Modeling Skills

tips-and-tricks

Remediating your vulnerability backlog at scale with AI

Announcements

Scaling Securely: How Fintechs Can Stay Ahead of Threats & Regulations
Announcements

Secure Coding Training
security

Secure Guardrails Fundamentals: External Entity Injection

Announcements

Secure Guardrails Fundamentals: External Entity Injection - EMEA
security

Secure Open Source Dependencies with Semgrep Supply Chain

security

Securing Solo: Maximize Your AppSec Efficiency and Cut the Noise

Announcements

Security Unplugged: Expert Insights Live from RSA
Announcements

Semgrep Rule Writing 101 & 201
security

Skynet or WALL-E? How AI is changing work for Security teams

security

Software Supply Chain Security; More Than Just Dependencies

Announcements

Static analysis + LLMs: Making shift left finally work
Announcements

Supercharge Shift Left: Static Analysis, LLMs, & Memories
community

The Rules

community

The Rules - October Session

community

The Rules September

security

Training 101: Intro to Pro Engine

security

Training 101: Intro to Semgrep Supply Chain

security

Training 201: Understanding Reachability on Github with Semgrep Supply Chain

Announcements

Using Artificial Intelligence, Safely
open-sources

Vibe Coding, But Make it Safe

Announcements

Who Makes the Rules?
Announcements

Workshop: Teaching Semgrep Assistant to filter out the noise with memories
security

You Should Be Using AI for AppSec