1.67.0 - 2024-03-28
Added
- --historical-secrets flag for running Semgrep Secrets regex rules on git history (requires Semgrep Secrets). This flag is not yet implemented for --experimental. (scrt-531)
Changed
- Files with the .phtml extension are now treated as PHP files. (gh-10009)
- [IMPORTANT] Logged in users running semgrep ci will now run the pro engine by default! All semgrep ci scans will run with our proprietary languages (Apex and Elixir), as well as cross-function taint within a single file, and other single file pro optimizations we have developed. This is equivalent to semgrep ci --pro-intrafile. Users will likely see improved results if they are running semgrep ci and did not already have additional configuration to enable pro analysis.

  The current default engine does not include cross-file analysis. To scan with cross-file analysis, turn on the app toggle or pass in the flag --pro. We recommend this unless you have very large repos (talk to our support to get help enabling cross-file analysis on monorepos!)

  To revert back to our OSS analysis, pass the flag --oss-only (or use --pro-languages to continue to receive our proprietary languages).

  Reminder: because we release first to our canary image, this change will only immediately affect you if you are using semgrep/semgrep:canary. If you are using semgrep/semgrep:latest, it will affect you when we bump canary to latest. (saf-845)
Fixed
- Fixed a parsing error in Kotlin when there's a newline between the class name and the primary constructor.

  This could not be parsed before:

      class C
      constructor(arg:Int){}

  because of the newline between the class name and the constructor. Now it's fixed. (saf-899)