HackerOne and Semgrep Customers Can Access Automated Code Security Testing with Added Support from Expert Code Reviewers

SAN FRANCISCO, January 11, 2024 – HackerOne, the leader in human-powered security today announced a partnership with code security solution, Semgrep, to combine Semgrep’s automated code security tools with expert support from HackerOne PullRequest code reviewers. Security teams can now analyze code through Semgrep and have PullRequest reviewers validate results to provide recommendations and context. The partnership enables human-in-the-loop testing to improve collaboration between security and development teams to increase the agility, scalability, and accuracy of the entire code review process.

“Friction between development and code security workflows remains a challenge as development assumes more security responsibility,” said Isaac Evans, co-founder and CEO of Semgrep. “But for teams to remain agile and secure, security and development must work closely together. Our joint solution keeps both teams in mind, so workflows stay collaborative and quality code ships faster.”

Modern development teams continue to experience false positives from automated tools that hinder speed, while quality code review can lack scalability for high-velocity teams. HackerOne and Semgrep’s solution integrates natively within pull requests and existing workflows, helping it conform to modern development's increasingly collaborative structure to deliver relevant and actionable results without disrupting work.

Semgrep uses Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secrets scanning to reveal security risks, which PullRequest code reviewers then evaluate to validate reports, provide context, offer specific remediations, and respond to queries so teams can take action quickly.

“Security teams need solutions that match the agility of the modern development teams they support,” said Alex Rice, founder of HackerOne. “Our partnership with Semgrep ensures software teams get the right insights at the right time in their existing workflows — all with context from human reviewers, so developers spend more time writing trustworthy code and less time fighting security tools.”

Learn more about the partnership here.

About HackerOne

HackerOne is the global leader in human-powered security. We leverage human ingenuity to pinpoint the most critical security flaws across your attack surface to outmatch cybercriminals. HackerOne’s Attack Resistance Platform combines the most creative human intelligence with the latest artificial intelligence to reduce threat exposure at all stages of the software development lifecycle. From meeting compliance requirements with pentesting to finding novel and elusive vulnerabilities through bug bounty, HackerOne’s elite community of ethical hackers helps organizations transform their businesses with confidence. HackerOne has helped find and fix more vulnerabilities than any other vendor for brands, including Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S Department of Defense. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.

About Semgrep

Semgrep is an open-source platform for scanning code for security, reliability, & other issues. Semgrep's mission is to profoundly improve software security and reliability by bringing world-class security tools to engineers—software and security alike. It's Semgrep's conviction that the security process must enable rapid software development, instead of hindering it. Semgrep is funded by Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, and has become an essential safeguard for code at customers like Snowflake, Dropbox, and more.