Software security challenges
FloQast uses the MERN (an acronym for MongoDB, Express, React, and Node) stack for most of its applications. The application security team is responsible for securing the entire technology stack. As FloQast continues its tremendous growth, Harrison Richardson (Senior Application Security Engineer at FloQast) expects the addition of new languages to the technology stack.
Before adopting Semgrep, FloQast scanned its code using a homegrown static analysis tool. The biggest challenge with the homegrown tool was its inability to scale as the technology stack grew.
FloQast’s Application Security Engineers used the homegrown tool to write code scanning rules, but adding rules to support new languages involved a lot of heavy technical work. As FloQast continued its growth, Harrison realized the need for a commercial product that would help the security posture scale without affecting productivity.
FloQast meets Semgrep
The ability to reduce false positives by understanding how a tool works was vital in FloQast’s evaluation of different static analysis products. After evaluating a variety of products, Harrison decided to adopt Semgrep because of its simplicity and effectiveness. Beyond that transparency and customizability, Semgrep’s support for 25+ languages made Harrison confident that adopting it would yield fewer false positives and let the security program scale.
Since then, the Application Security team at FloQast has integrated Semgrep into its CI/CD pipeline. Every pull request (PR) goes through a Semgrep check.
Quick incident response + Ease of managing security policies