Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update wording re: dependency paths #1957

Merged
merged 3 commits into from
Feb 7, 2025
+8 −6
Merged

update wording re: dependency paths #1957

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b06b91f
update wording
khorne3 Feb 6, 2025
9cf6d92
fix inconsistency
khorne3 Feb 6, 2025
9ebb29e
Apply suggestions from review
khorne3 Feb 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,8 @@ See the [Supported languages](/supported-languages#semgrep-code-and-oss) documen
- Apply rules in different modes, such as monitor, comment, block, or disable, to align with security workflows.
- Integrate policy management into CI/CD pipelines to ensure consistent enforcement during software development.
- [Semgrep Managed Scans](/deployment/managed-scanning/azure) for repositories hosted by **Azure DevOps** is now in public beta.
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available for the following languages and package managers:
- **JavaScript**: all package managers are supported by Semgrep.
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available in public beta for the following languages and package managers:
- **JavaScript**: npm, pnpm, and yarn are supported.
- **Python**: Only Poetry is supported.
- Semgrep now ingests CVE information from [<i class="fas fa-external-link fa-xs"></i> Electron release notes](https://releases.electronjs.org/releases/stable). This information is used to generate rules that can detect if you're affected by CVEs from this source.
- [Noise filtering](/semgrep-assistant/overview#noise-filtering-beta) is now in public beta. With Noise Filtering, Assistant evaluates each Semgrep Code finding to determine if it's a true positive using additional context and prevents a PR comment from being posted in the developer workflow if it's not.
Expand Down
5 changes: 3 additions & 2 deletions docs/release-notes/january-2025.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,9 +71,10 @@ tags:
### Added

<!-- Dependency graphs? -->
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available for the following languages and package managers:
- **JavaScript**: all package managers are supported by Semgrep.
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available in **public beta** for the following languages and package managers:
- **JavaScript**: npm, pnpm, and yarn are supported.
- **Python**: Only Poetry is supported.
Reach out to [<i class="fa-regular fa-envelope"></i> [email protected]](mailto:[email protected]) to join the beta program.
khorne3 marked this conversation as resolved.
Show resolved Hide resolved
- **C#**: Semgrep can now scan NuGet codebases without the need for a lockfile. This feature is in **private beta**. See also [Scan a project without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta). Reach out to [<i class="fa-regular fa-envelope"></i> [email protected]](mailto:[email protected]) to join the beta program.
- Semgrep now ingests CVE information from [<i class="fas fa-external-link fa-xs"></i> Electron release notes](https://releases.electronjs.org/releases/stable). This information is used to generate rules that can detect if you're affected by CVEs from this source.

Expand Down
5 changes: 3 additions & 2 deletions docs/release-notes/latest.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,9 +72,10 @@ tags:
### Added

<!-- Dependency graphs? -->
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available for the following languages and package managers:
- **JavaScript**: all package managers are supported by Semgrep.
- [Dependency Paths](/semgrep-supply-chain/dependency-search#view-the-dependency-path) are now available in **public beta** for the following languages and package managers:
- **JavaScript**: npm, pnpm, and Yarn are supported.
- **Python**: Only Poetry is supported.
Reach out to [<i class="fa-regular fa-envelope"></i> [email protected]](mailto:[email protected]) to join the beta program.
khorne3 marked this conversation as resolved.
Show resolved Hide resolved
- **C#**: Semgrep can now scan NuGet codebases without the need for a lockfile. This feature is in **private beta**. See also [Scan a project without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta). Reach out to [<i class="fa-regular fa-envelope"></i> [email protected]](mailto:[email protected]) to join the beta program.
- Semgrep now ingests CVE information from [<i class="fas fa-external-link fa-xs"></i> Electron release notes](https://releases.electronjs.org/releases/stable). This information is used to generate rules that can detect if you're affected by CVEs from this source.

Expand Down