TL;DR
- Improved Scala parsing accuracy with Tree-sitter.
- Enhanced support for variadic functions in taint analysis.
- Fixed performance issues with Unicode characters in rules.
Key Changes
Semgrep v1.160.0, released on 2026-04-16, refines static analysis capabilities and addresses performance bottlenecks. This minor update introduces significant improvements for Scala projects and rule processing.
New Features:
- Scala Parsing: A new Tree-sitter parser has been integrated for Scala, offering improved parsing accuracy. This update includes a fallback to the pfff parser, ensuring reliability.
- Taint Analysis (Pro): Support for variadic functions in taint analysis has been enhanced, leading to more precise security findings for complex codebases.
Fixes:
- Rule Performance: Performance issues encountered when parsing Semgrep rules containing emoji or other non-BMP Unicode characters have been resolved. This ensures faster rule execution.
- Rule Validation: Semgrep now emits a warning with detailed failure information when semgrep-core rule validation fails and falls back to JSON schema validation. This provides clearer feedback for rule authors.
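As an added illustration of the two items above (the variadic-function taint improvement and the rule validation step), here is a Semgrep taint-mode rule for Scala together with a constructed target in which untrusted request data reaches a command-execution sink only through a variadic helper. This is example material written for this summary, not a rule shipped with Semgrep or taken from the release notes: the source pattern, the `Handler`/`runAll` names and the `Request` type are constructed, and the expectation that the Pro engine follows taint through the `String*` parameter is an assumption drawn from the release note rather than something verified here.

```yaml
# Added example (not from the Semgrep release notes or the Semgrep rule registry).
# Source and sink patterns are constructed for illustration.
rules:
  - id: scala-command-injection-via-variadic-helper
    mode: taint
    languages: [scala]
    severity: ERROR
    message: >-
      Untrusted request data reaches an OS command through a variadic helper.
      Validate the value against an allow-list or avoid spawning a shell.
    # Source: any value read from the incoming HTTP request (constructed pattern;
    # adjust to the web framework actually in use).
    pattern-sources:
      - pattern: $REQ.getQueryString(...)
    # Sink: any argument handed to the process-spawning call.
    pattern-sinks:
      - pattern: Runtime.getRuntime.exec(...)
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"

# Constructed Scala target for the rule above (save as Handler.scala):
#
#   object Handler {
#     // Variadic helper: every element of `cmds` ends up at the sink.
#     def runAll(cmds: String*): Unit =
#       cmds.foreach(c => Runtime.getRuntime.exec(c))
#
#     def handle(request: Request): Unit = {
#       val user = request.getQueryString("cmd")   // taint source
#       runAll("echo start", user)                 // taint enters via the String* parameter
#     }
#   }
#
# The finding depends on interprocedural taint tracking (Pro engine); the
# assumption is that v1.160.0's variadic support lets the engine carry taint
# from `user` into `cmds` and on to the exec call.
```

Check the rule file first with `semgrep --validate --config rule.yml`, which is where the clearer validation warning described above would surface if the rule were malformed, then scan with `semgrep --pro --config rule.yml Handler.scala` so the Pro engine is used for the cross-function taint flow.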
For more details, refer to the official release notes.
Impact for QA Teams
QA engineers tracking Semgrep updates will find this version beneficial for improving SAST results, especially for Scala applications. The enhanced taint analysis contributes to more reliable security testing. Performance fixes mean faster scan times for projects using complex rules, and clearer validation warnings streamline rule development and maintenance.
