Taint analysis optimization
Intro
Vulnerabilities like SQL injections can be caught statically with static analysis methods like taint checking. Semgrep, an appsecurity tool, implements this feature and is able to track code across many files. Semgrep also lets you write your own rules for what you want to scan for.
In 2025, I interned at Semgrep and worked on optimizing the performance of the taint checking. Especially in respect to scalability with more rules.
End-of-internship presentation slides
I presented these slides to the entire company, so they are meant to be digestable for anyone somewhat familiar with Semgrep.
Caption: Embedded Google Slides deck