Fine-tuning Semgrep for Ruby Security: Pundit and SQL injection

blog.siddarthadukia.com

In this blog post, we’ll go over the construction and tuning of a few Semgrep rules I created while looking at a Ruby on Rails application. Semgrep is a powerful code analysis tool, and while there are a fair number of community rules, the default rules don’t cover everything, and you get a lot more...
