Download Latest Version
Release v1.145.0 source code.tar.gz (11.3 MB)
Get an email when there's a new version of Semgrep
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2025-12-05 | 1.4 kB | |
| Release v1.145.0 source code.tar.gz | 2025-12-05 | 11.3 MB | |
| Release v1.145.0 source code.zip | 2025-12-05 | 15.6 MB | |
| Totals: 3 Items | 26.8 MB | 7 | |
1.145.0 - 2025-12-04
Added
- Added optional user-prompting for classifying findings as true/false positives via MCP Elicitation in the MCP server (behind SEMGREP_FINDINGS_ELICITATION_ENABLED, off by default). (elicitation)
- Added hook to inject secure-by-default library recommendations into Claude Code Agent context. (secure-defaults-hook)
Changed
- Symbol analysis upload now runs before scan completion to ensure it is available during initial scan postprocessing. (sc-2933)
Fixed
- Fix issue that could lead to validation failures for certain well-formed rules, such as those with emoji in their messages. (incid-293)
- The correct range for
let ... inexpressions in OCaml is now reported. Previously, the location of theletwas omitted. This is mainly relevant for autofix. (ocaml-let) - Debug log lines concerning telemetry collection that are only relevant inside Semgrep's managed scanning environment are not emitted if a scan runs outside that environment. (saf-2321)
- pro: in 1.144.0 interfile scans no longer default to -j 1; instead, the number of available CPUs on the system was used to inform how many jobs should be spawned. This caused a change in timeouts due to how time is measured for certain parts of the pro engine. This change has now been reverted (saf-default-jobs)
