In November 2025, Semgrep delivered a major set of updates that directly impact how large enterprises in the United States and globally manage application security, DevSecOps, and software quality programs. These updates enhance risk prioritization, governance, supply chain security, and developer productivity.
CNAPP INTEGRATIONS WITH CORTEX AND SYSDIG
Semgrep now integrates with Cortex and Sysdig CNAPP platforms to analyze deployment status and internet exposure for vulnerabilities. This allows enterprises to prioritize findings based on actual production impact, focusing remediation efforts on exposed services. Security leaders can now report on exploitable vulnerabilities instead of theoretical issues. DevOps teams can align remediation sprints with runtime exposure, reducing noisy backlogs and improving SLA compliance.
CNAPP INTEGRATION VALIDATION AND HEALTH VISIBILITY
Semgrep introduces a Validate button and clearer connection status for CNAPP integrations, showing the last successful sync and error details. Enterprise security teams benefit from stronger governance, simplified audit preparation, and reduced blind spots. On-call SREs and platform engineers can now verify integration health instantly, reducing the need for cross-team tickets.
GITHUB APP INSTALLATION VIA NON-ADMIN LINKS
Non-admin users can now complete Semgrep GitHub App installation using install-request links. This accelerates rollout across large organizations, especially in the United States, where global GitHub admins often slow adoption. Delegated administration models are supported, allowing business units to deploy security tools quickly without compromising enterprise control.
UNIFIED PRODUCT SETTINGS PAGE FOR BETTER GOVERNANCE
All Semgrep product settings are now centralized on a single settings page. Security and platform leaders can review global configurations, integration policies, and data retention from one location. This simplifies audits, reduces configuration drift, and helps administrators troubleshoot issues efficiently. New administrators also onboard faster, with less reliance on tribal knowledge.
STRONGER RBAC AND ACCESS CONTROLS
Semgrep fixes previous RBAC issues and prevents users from removing their own access. Enterprises benefit from cleaner separation of duties, better compliance alignment, and more accurate dashboards. Team-based project ownership is now fully reflected in reporting, and administrators gain visibility into all projects, including legacy repositories.
