releases.shpreview
Home/Semgrep
Semgrep

Semgrep

OverviewReleasesSources
Mon
Wed
Fri
JunJulAugSepOctNovDecJanFebMarAprMay
Less
More
Releases15Avg Interval5dAvg Cadence6/mo
Recently Shipped14 releases · updated Jun 1, 2026

v1.164.0 (May 26) relaxed the glibc requirement from ≥2.35 to ≥2.34, restoring compatibility with RHEL 9 and Amazon Linux 2023.1

Pro interfile taint analysis got faster and more accurate. The interfile engine was redesigned in v1.158.0 for an estimated 20–40% speed improvement.2 Taint config computation now parallelizes across available jobs, and intermediate results serialize to disk to cut redundant recomputation. Cross-file tracking improved for globals, variadic functions, and lambda calls. v1.162.0 extended this with nested-function taint tracking; v1.163.0 further parallelized rule validation and parsing across cores, cutting scan startup time on large rulesets.3

JSON rule parsing became ~5× faster. A new hand-written RFC 8259 parser replaced the previous JS-parser-based chain in v1.162.0, dropping parse time on a 382 MB rule pack from ~134s to ~28s.4

Language support broadened. PowerShell arrived in beta (v1.155.0), Scala gained a tree-sitter parser (v1.160.0), Scala 3.4+ trait parameters parse correctly (v1.161.0), PHP support extended to 8.1–8.5 syntax (v1.163.0), and Dart gained typed metavariables and function-definition patterns (v1.164.0).56

Binary distribution now requires a newer glibc — with a recent rollback. Dynamic linking landed in v1.158.0 with a ≥2.35 minimum; v1.164.0 walked this back to ≥2.34. A separate musllinux_1_2 wheel covers musl systems, and macOS binaries also moved to dynamic linking.

CI credential exposure was closed off. v1.162.0 stopped transmitting SCM tokens to the platform and redacted URL-embedded credentials and Authorization headers from git error messages and fail-open telemetry.7

The platform added AI credits tracking and Jira integration. April 2026 brought workflow execution usage to the AI credits dashboard, AI-powered detection findings to the findings API, and Jira ticketing support for those findings.8

The MCP server gained branch-scoped filtering. The semgrep_findings tool added a refs parameter for branch-scoped queries and made autotriage_verdict optional, and DNS rebinding protection was added to the server.9

Sources

1Release v1.164.02Release v1.158.03Release v1.163.04Release v1.162.05Release v1.163.06Release v1.164.0
AI-generated summaries may contain mistakes.
SemgrepDaily
12
semgrep/semgrep
7/week avgv1.153.0 → v1.164.0
Semgrep Release NotesWeekly
3
semgrep.dev/docs/release-notes
1/week avg
Last Checked
1h ago
Category
Security
Tags
code-analysislintingsast
Accounts
semgrep@semgrepsemgrep
Tracking since Feb 9, 2024
.json·.md·.atom