Secure Open Source Dependencies with Semgrep Supply Chain Webinar
semgrep

Published on Sep 18, 2024

Dependencies and open source code make up a large share of an organization's underlying codebase. Managing and monitoring that codebase can already be taxing on developers; a large set of false positive vulnerabilities can be a complete drain on developer resources.

Using open source is critical to increasing developer productivity, but how do teams balance speed and security?

We will cover:
- What Semgrep Supply Chain is
- How to quickly scan for vulnerabilities in open source dependencies using Semgrep Supply Chain
- How to determine what is reachable, and remediate the 2% of open source vulnerabilities in your code that are actually a problem
- How to triage results into developers' workflows

--------------
Semgrep is a code security solution that enables organizations to scale their security programs quickly and easily.

Try Semgrep today: https://go.semgrep.dev/3WsqVpT
