urlscan.io scan of semgrep.dev (13.32.99.31)

Submitted URL: https://returntocorporation.oramalthea.com/api/mailings/click/PMRGSZBCHIZDONJXHE2SYITVOJWCEORCNB2HI4DTHIXS643FNVTXEZLQFZSGK5RPMNQXGZJNON2HK...
Effective URL: https://semgrep.dev/case-studies/lyft/
Submission: On March 22 via api from US — Scanned from DE


Customer Success Story


HOW LYFT FINDS SECURITY ISSUES THAT MATTER WITH SEMGREP

 * The ease of writing custom rules and testing with Semgrep has been valuable
   to Lyft in catching issues specific to its code

 * Semgrep Supply Chain (SCA) has enabled Lyft to identify and prioritize the
   dependency updates that matter the most




 * About the security team at Lyft
 * Security before Semgrep
 * Ease of writing custom rules with Semgrep
 * Semgrep Supply Chain helps significantly reduce noise
 * Looking forward


ABOUT THE SECURITY TEAM AT LYFT

Lyft’s product security team is responsible for the security of all of its
products. Its goal is to scale security by shifting left as much as possible:
building tooling and processes that catch security issues early in the software
development lifecycle.




SECURITY BEFORE SEMGREP

Shifting left depends on finding issues specific to their own code, because that
drastically reduces the number of false positives surfaced to developers; the
more false positives developers see, the less likely they are to fix the real
issues. Lyft therefore needed a solution that supported writing and testing
custom rules. Before Semgrep, the Lyft security team wrote custom rules with
tools that proved too time-consuming: hours went into writing each rule and
validating it. The team realized it needed to be more efficient and began
seeking out a SAST solution.




EASE OF WRITING CUSTOM RULES WITH SEMGREP

The security team at Lyft chose Semgrep because it simplified writing custom
rules and covered every programming language Lyft uses. These custom rules let
Lyft find issues specific to its own code and infrastructure. For example, an
application security engineer may go days without needing to write or modify a
custom rule, and Semgrep’s rule syntax makes it easy to pick up rule writing
again after such a gap, which frees the team to spend its time on other
pressing projects. Other SAST solutions did not give Lyft this level of ease,
largely because of their complex rule syntax. Lyft also adopted Semgrep for its
support of the CI/CD tools Lyft needed and for its well-maintained Pro rules.


Example rule from the Semgrep Registry: https://semgrep.dev/r?q=gitlab.bandit.B506

The security team at Lyft customizes rules like this one by adding a couple of
patterns to catch issues specific to their code.




SEMGREP SUPPLY CHAIN HELPS SIGNIFICANTLY REDUCE NOISE

Lyft had been using another product for scanning open source dependencies
(SCA), which it found extremely noisy: so noisy that the findings from that
product could not be surfaced to developers at all. With Semgrep Supply Chain’s
reachability analysis, the security team at Lyft has more confidence in
surfacing SCA findings to developers because those findings are now actionable.
The team can ask developers to fix an issue because there is proof that their
code actually uses the vulnerable dependency. Semgrep Supply Chain also points
out the exact location of that usage and when the code was introduced, making
it easy for developers to fix the issue and to rule out false positives.



> “Semgrep Supply Chain has helped reduce the noise by 95%” Khanh Le-Do,
> Security Software Engineer at Lyft

When the Log4Shell vulnerability was announced, the security team at Lyft
identified and remediated all instances of Log4Shell immediately. Semgrep Supply
Chain helped by finding a non-production, internal instance of Log4Shell in a
dependency. The security team at Lyft values the work that Semgrep’s security
researchers put into analyzing each CVE and writing reachability rules for it.
When a rule can be improved, the feedback process is straightforward and
produces quality results.

The Semgrep Supply Chain findings are routed to Lyft’s own open source security
graph tool, Cartography. The security team asks developers to fix only the
reachable findings from Semgrep Supply Chain. Semgrep Supply Chain has thus
enabled the security team at Lyft to reduce the noise with actionable findings
and shift left.


LOOKING FORWARD

The security team is excited to try out Semgrep Assistant, which uses AI to
auto-triage security issues and automatically recommend code fixes. Because of
the significant time savings from Semgrep Supply Chain, the security team is
looking forward to scaling its security program by integrating Semgrep tightly
into its workflow and enabling use cases such as writing more custom rules,
improving current rules, and testing them against all repositories.

ABOUT

Semgrep lets security teams partner with developers and shift left organically,
without introducing friction. Semgrep gives security teams confidence that they
are only surfacing true, actionable issues to developers, and makes it easy for
developers to fix these issues in their existing environments.


© 2024 Semgrep, Inc. Semgrep is a registered trademark of Semgrep, Inc.
