Semgrep v1.156.0: Enhanced Kotlin Support & Performance Fixes
Semgrep v1.156.0 brings improved Kotlin analysis, critical fixes for Ruby and TypeScript in Pro, and enhanced CI stability.
Quick Answer
Semgrep v1.156.0 is a minor release that brings improved kotlin analysis.
— Yuri Kan, Senior QA Lead
Table of Contents
Semgrep v1.156.0: Enhanced Kotlin Support & Performance Fixes #
Semgrep v1.156.0, released on 2026-03-17, focuses on improving language support and addressing key performance and stability issues. This minor update is categorized under Performance and Security.
Features/Improvements: Semgrep v1.156.0 enhances Kotlin support by updating its tree-sitter parser. This leads to more accurate static analysis for Kotlin projects.
Fixes: Several issues were addressed. Semgrep Pro now correctly distinguishes between Ruby variable accesses and zero-argument method calls in experimental interfile tainting. It also optimizes tsconfig.json parsing by memoizing results, reducing redundant operations. A general fix prevents semgrep ci from crashing when executed in a Git repository without a configured remote origin.
QA teams working with Kotlin projects will benefit from more reliable and accurate static analysis results, potentially finding issues earlier. Performance improvements in Semgrep Pro for Ruby and TypeScript projects can speed up scan times. The semgrep ci fix ensures smoother integration into CI pipelines, even in less common Git configurations.
The primary improvement is enhanced Kotlin support due to an updated tree-sitter parser, leading to better code analysis.
Does this update affect Semgrep Pro users specifically?
Yes, Semgrep Pro users benefit from fixes related to Ruby interfile tainting and `tsconfig.json` parsing performance.
What was fixed regarding `semgrep ci`?
A crash in `semgrep ci` when run in a Git repository without a remote origin configured has been resolved.
Should I upgrade to Semgrep v1.156.0?
Yes, upgrading to Semgrep v1.156.0 is recommended for the latest bug fixes, security patches, and new features. Review the changelog for breaking changes before upgrading in production.
Is Semgrep v1.156.0 stable for production use?
Semgrep v1.156.0 has been through the standard release process and is considered stable. As with any update, test your existing test suites after upgrading before deploying to production.
What breaking changes are in Semgrep v1.156.0?
Check the official changelog for Semgrep v1.156.0 for any breaking changes. Minor releases typically maintain backward compatibility, but always verify your configuration and plugins still work.
How do I update to Semgrep v1.156.0?
Update via your package manager (npm update, pip install --upgrade, etc.) or download from the official website. Back up your configuration first, then update and run your test suite to verify compatibility.
What are the key improvements in Semgrep v1.156.0?
Key improvements include bug fixes, performance enhancements, and new features. Check the release notes for detailed information on what changed and how it affects your testing workflow.
