Exceeds
Pieter De Cremer (Semgrep)

PROFILE

Pieter contributed to the semgrep/semgrep-rules repository by developing and refining security and linting rules that enhance CI/CD reliability and cloud security. Over ten months, Pieter delivered features such as Dockerfile dependency confusion detection, Argo Workflows command injection coverage, and OWASP 2025 rule mapping, using Go, Kotlin, and YAML. He improved static analysis accuracy by tuning rule sensitivity, reducing false positives, and aligning with updated security guidelines. Pieter’s work included pre-commit hook enhancements and multi-language rule development, resulting in more precise vulnerability detection, streamlined developer workflows, and improved audit readiness for teams relying on automated security policy enforcement.

Overall Statistics

Feature vs Bugs

69% Features

Repository Contributions

Total: 20
Bugs: 5
Commits: 20
Features: 11
Lines of code: 2,567
Activity months: 10

Work History

April 2026

2 Commits • 1 Feature

Apr 1, 2026

April 2026 monthly summary for semgrep/semgrep-rules focused on delivering high-impact security rule improvements and testing enhancements. Highlights include a targeted bug fix that reduces false positives in the Kotlin unencrypted-socket rule and a pre-commit hook enhancement expanding multi-document YAML support for test files, improving test coverage and CI reliability.

February 2026

1 Commit • 1 Feature

Feb 1, 2026

February 2026 monthly summary for semgrep/semgrep-rules: Focused on reducing lint noise to improve developer efficiency and maintainability. Key feature delivered: Downgraded the severity of informational React lint rules from WARNING to INFO to minimize warning overload while preserving visibility of best practices. No major bugs fixed this month; standard maintenance performed. Business value includes cleaner CI feedback, faster triage, and higher developer focus on critical issues. Technologies/skills demonstrated include lint configuration, Git-based change tracking, and repo-level policy adjustments.

January 2026

1 Commit • 1 Feature

Jan 1, 2026

January 2026 monthly summary focusing on security rule updates in semgrep-rules. Delivered OWASP 2025 Security Rule Mapping Update to align vulnerabilities with the latest OWASP guidelines and fixed Twilio TwiML metadata for a rule to improve accuracy. All changes were committed in 46a0ecfdf78f86a6409677c58417f845ef9eae9a (co-authored). Business impact: stronger security coverage, reduced rule misclassification, and better readiness for OWASP 2025 audits. Skills demonstrated: security-focused rule mapping, metadata normalization, version control discipline, and cross-team collaboration.

November 2025

2 Commits • 1 Feature

Nov 1, 2025

In November 2025, delivered a security-focused improvement in the semgrep-rules repository by adding a rule to detect a backdoor vulnerability in GitHub Actions workflows. This strengthens CI/CD security by enabling automated detection of malicious code in workflows, reducing risk across users who rely on Semgrep for policy enforcement. The feature was implemented via two commits and included a messaging/description polish to improve maintainability and clarity. Key context: Repository - semgrep/semgrep-rules; Month - 2025-11; Focus area - security rule development for CI workflows.

September 2025

1 Commit • 1 Feature

Sep 1, 2025

Month: 2025-09. Delivered Argo Workflows Command Injection Detection Rule Enhancement for semgrep/semgrep-rules, expanding cross-language support and execution-context coverage in workflow scripts and containers. This work strengthens security detection for insecure parameter usage across scripting environments in CI/CD workflows, enabling earlier remediation and reducing risk. Commit reference: 54c51a32abeaac91db2857c0cf2a20483c4b5664.

May 2025

1 Commit • 1 Feature

May 1, 2025

May 2025 monthly summary: Security-focused Semgrep rule delivered for the semgrep-rules repository to prevent Dockerfile dependency confusion; introduced an audit rule to detect use of --extra-index-url in pip install within Dockerfiles and warn when a dependency could be pulled from a public PyPI index instead of a private registry. This reduces risk in Docker image builds and strengthens supply chain security through user-facing guidance and automated checks.

April 2025

7 Commits • 1 Feature

Apr 1, 2025

April 2025 monthly summary for semgrep/semgrep-rules: Focused delivery of rule hardening, noise reduction in CI, and alignment with updated cloud documentation and CWE guidance. Delivered targeted fixes and new lint capability that enhance security coverage, enable faster remediation, and improve developer productivity.

February 2025

1 Commit • 1 Feature

Feb 1, 2025

February 2025 monthly summary for semgrep/semgrep-rules focused on enhancing static security analysis for Kotlin. Delivered a feature refinement to detect MD5 hashing usage in Kotlin code by enhancing Semgrep rules to catch java.security.MessageDigest.getInstance("MD5") and org.apache.commons.codec.digest.DigestUtils.getMd5Digest(). This work improves vulnerability detection accuracy in Kotlin projects and reduces blind spots in security coverage. The change is tracked in the semgrep-rules repo with commit d1ab2dd0d7a2a37e9423440d84b0ca503000e8a6, described as 'Update use-of-md5.yaml (#3557)'.

January 2025

1 Commit • 1 Feature

Jan 1, 2025

Concise monthly summary for 2025-01 focused on the semgrep/semgrep-rules repository. Feature delivered: Cloud SQL SSL Security Rules to detect insecure SSL modes across GCP Cloud SQL instances (PostgreSQL, MySQL, SQL Server). This includes added configuration files and test cases to enforce secure SSL settings and prevent unencrypted or weak SSL connections. No major bug fixes reported this period.

December 2024

3 Commits • 2 Features

Dec 1, 2024

December 2024 monthly summary for semgrep/semgrep-rules focusing on delivering business value through CI modernization and rule accuracy improvements.

Quality Metrics

Correctness: 89.4%
Maintainability: 90.0%
Architecture: 88.0%
Performance: 85.0%
AI Usage: 25.0%

Skills & Technologies

Programming Languages

Go, Kotlin, Python, Terraform, YAML, dockerfile, hcl, yaml

Technical Skills

CI/CD, CI/CD Security, Cloud Security, DevOps, GCP, GitHub Actions, Go Development, Infrastructure as Code, Kotlin development, Linting, OWASP guidelines, Policy as Code, React, Rule Development, Rule Refinement

Repositories Contributed To

1 repo

semgrep/semgrep-rules

Dec 2024 to Apr 2026
10 Months active

Languages Used

Terraform, YAML, yaml, hcl, Go, Python, dockerfile, Kotlin

Technical Skills

CI/CD, Cloud Security, GitHub Actions, Infrastructure as Code, Policy as Code, security scanning