Semgrep Guardian: Security for AI-Generated Code (semgrep.dev)
That means there is an unprecedented opportunity to make both security and developer outcomes better by shaping agent behavior towards secure defaults. Even things like "don't add dependencies unless these conditions are met; we only want top1000 NPM dependencies, otherwise just write it yourself."
Capabilities like this will have a big impact on the OSS ecosystem (positive and negative) as they proliferate.