Semgrep v1.164.0: Enhanced Performance & Scan Accuracy

Semgrep, a powerful static analysis tool, has released version 1.164.0, focusing on performance, compatibility, and scan accuracy. This minor update, released on 2026-05-27, brings significant improvements for various environments and language support. For full details, refer to the official release notes.

TL;DR

  • Baseline diff scans now handle rule failures more accurately, reducing false positives.
  • Linux Pro interfile scans adapt memory limits to cgroup, improving performance.
  • Expanded Dart language support with typed metavariables and improved parser fidelity.

Key Changes

  • Performance & Compatibility: Semgrep Pro’s interfile scans on Linux now dynamically adjust their memory limit based on the container’s cgroup, optimizing resource use. glibc compatibility has been broadened to versions >=2.34, which includes RHEL 9 and AL2023, so the Semgrep Python wheel can be installed on more distributions.
  • Scan Accuracy & Reliability: A significant fix addresses baseline diff scans (semgrep ci and --baseline-commit), preventing all findings on a file from being marked as new if a single rule failed. This improves the signal-to-noise ratio for new findings. Issues with yarn.lock parsing for Yarn Berry entries and unreliable target filtering in parallel scans have also been resolved.
  • Dart Language Support: Dart analysis gains new capabilities, including typed metavariables ($X as T), metavariable binding in string interpolations, and function-definition patterns. The Dart parser’s fidelity for Dart 3 grammar features has been improved, reducing PartialParsing errors on real-world packages.
  • SARIF Output Correction: Suppressed findings are now correctly excluded from --sarif-output and --sarif reports, so they no longer distort scan results or block CI gates that consume the SARIF file.
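The cgroup-aware memory limit described above is internal to Semgrep Pro, but the same idea is useful when you launch a scan yourself in a container and want to pass a sensible value to the public `--max-memory` flag (which takes MiB, 0 meaning unlimited). The following helper is an added example, not Semgrep's own code: it reads the cgroup v2 `memory.max` file (falling back to the cgroup v1 `memory.limit_in_bytes`), treats "max" or the v1 sentinel maximum as "no limit", and derives a budget with 20% headroom. The file paths and the 80% headroom factor are assumptions chosen for this example.

```python
"""Derive a memory budget for a containerised Semgrep scan from the cgroup limit.

Added example, not Semgrep's own code. Semgrep Pro's interfile scans now adapt
to the cgroup limit internally on Linux; this stand-alone helper applies the
same idea to pick a value for the public --max-memory flag in CI.
"""
import os
from typing import Optional, Tuple

# Assumed locations of the memory limit under cgroup v2 (unified) and cgroup v1.
CGROUP_V2_MEMORY_MAX = "/sys/fs/cgroup/memory.max"
CGROUP_V1_MEMORY_LIMIT = "/sys/fs/cgroup/memory/memory.limit_in_bytes"

# cgroup v1 reports "no limit" as a very large sentinel number rather than the
# word "max"; anything at or above this threshold is treated as unlimited.
_V1_UNLIMITED_THRESHOLD = 1 << 60


def parse_cgroup_limit(raw: str) -> Optional[int]:
    """Parse the contents of a cgroup memory limit file.

    Returns the limit in bytes, or None when the cgroup imposes no limit
    ("max" under v2, or the sentinel maximum under v1).
    """
    value = raw.strip()
    if value == "max":
        return None
    limit = int(value)  # raises ValueError on anything unexpected
    if limit >= _V1_UNLIMITED_THRESHOLD:
        return None
    return limit


def read_cgroup_limit(
    paths: Tuple[str, ...] = (CGROUP_V2_MEMORY_MAX, CGROUP_V1_MEMORY_LIMIT),
) -> Optional[int]:
    """Return the first readable cgroup memory limit on this host, or None."""
    for path in paths:
        try:
            with open(path, encoding="ascii") as fh:
                return parse_cgroup_limit(fh.read())
        except (OSError, ValueError):
            continue  # file absent (not in a cgroup, non-Linux) or unparsable
    return None


def host_memory_bytes() -> Optional[int]:
    """Physical RAM as reported by sysconf; None where sysconf is unavailable."""
    try:
        return os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES")
    except (ValueError, OSError, AttributeError):
        return None


def memory_budget_mib(
    cgroup_limit: Optional[int], host_total: Optional[int], headroom: float = 0.8
) -> Optional[int]:
    """Pick a scan memory budget in MiB.

    Prefers the cgroup limit when one is set, otherwise the host total, and
    keeps (1 - headroom) of it free for the interpreter and the OS.
    """
    effective = cgroup_limit if cgroup_limit is not None else host_total
    if effective is None:
        return None
    return int(effective * headroom) // (1024 * 1024)


if __name__ == "__main__":
    budget = memory_budget_mib(read_cgroup_limit(), host_memory_bytes())
    if budget is None:
        print("no memory limit detected; leaving semgrep at its default")
    else:
        # --max-memory takes MiB; 0 means unlimited.
        print(f"semgrep ci --max-memory {budget}")
```

Running this inside a container with a 2 GiB memory limit prints a `--max-memory 1638` suggestion; on a host without cgroup limits it falls back to physical RAM. Sizing the limit this way avoids the OOM kill that an unbounded interfile scan can trigger in a constrained CI runner.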

Impact for QA Teams

QA teams will benefit from more precise baseline diff reports, reducing the effort needed to triage new findings. Improved compatibility with common Linux distributions and more reliable static analysis for Dart projects mean broader and more dependable coverage for SAST workflows. The accurate SARIF output ensures suppressed findings do not interfere with reporting or CI/CD pipelines.
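A SARIF consumer that simply counts `results` will block a pipeline on findings a developer already dismissed, which is the failure mode the SARIF fix above removes. The following added example (not part of Semgrep) shows the defensive counterpart: a gate that applies SARIF 2.1.0 suppression semantics, where a result counts as suppressed only if it carries a suppression whose `status` is absent or "accepted", and a check that a report contains no suppressed entries at all, which is what a 1.164.0 report should satisfy. The sample SARIF log is constructed for this example, and the `{"kind": "inSource"}` shape for nosemgrep suppressions is an assumption.

```python
"""Split a SARIF 2.1.0 log into active and suppressed results and gate on it.

Added example, not Semgrep's own code.
"""
import json
from typing import List, Tuple

# Constructed sample SARIF log (not real scan output): two active findings and
# one suppressed in source. The third result carries a *rejected* suppression,
# which per SARIF semantics leaves it active.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Semgrep", "rules": []}},
        "results": [
            {"ruleId": "python.lang.security.audit.eval-detected", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/views.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "python.lang.security.audit.eval-detected", "level": "warning",
             "suppressions": [{"kind": "inSource"}],  # assumed nosemgrep shape
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tools/repl.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "python.django.security.injection.sql", "level": "error",
             "suppressions": [{"kind": "external", "status": "rejected"}],
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/search.py"},
                 "region": {"startLine": 118}}}]},
        ],
    }],
})


def is_suppressed(result: dict) -> bool:
    """A result is suppressed when at least one suppression object is
    'accepted'; an absent status defaults to accepted. Rejected or
    under-review suppressions do not hide the finding."""
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))


def partition_results(sarif_text: str) -> Tuple[List[dict], List[dict]]:
    """Return (active, suppressed) result lists across all runs in the log."""
    log = json.loads(sarif_text)
    active: List[dict] = []
    suppressed: List[dict] = []
    for run in log.get("runs", []):
        for result in run.get("results", []):
            (suppressed if is_suppressed(result) else active).append(result)
    return active, suppressed


def location_of(result: dict) -> str:
    """Render the first physical location as uri:line for a human-readable log."""
    loc = result["locations"][0]["physicalLocation"]
    return f'{loc["artifactLocation"]["uri"]}:{loc["region"]["startLine"]}'


def gate_passes(sarif_text: str, fail_on: Tuple[str, ...] = ("error",)) -> bool:
    """True when no *active* result sits at a blocking level."""
    active, _ = partition_results(sarif_text)
    return not any(r.get("level") in fail_on for r in active)


def report_has_no_suppressed(sarif_text: str) -> bool:
    """Sanity check for reports from versions that drop suppressed findings."""
    return not partition_results(sarif_text)[1]


if __name__ == "__main__":
    active, suppressed = partition_results(SAMPLE_SARIF)
    for r in active:
        print(f"ACTIVE     {r['level']:8} {r['ruleId']} at {location_of(r)}")
    for r in suppressed:
        print(f"SUPPRESSED {r['level']:8} {r['ruleId']} at {location_of(r)}")
    print("gate:", "pass" if gate_passes(SAMPLE_SARIF) else "FAIL")
```

On the sample the gate fails, and correctly so: the SQL injection finding's suppression was rejected, so it still counts, while the nosemgrep-suppressed `eval` finding does not. Feeding a 1.164.0 report to `report_has_no_suppressed` is a quick way to confirm the new behaviour in your own pipeline.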

FAQ

  • Q: What’s the main improvement for baseline scans?
    • A: Baseline diff scans no longer treat all findings as new if a rule failed, providing more accurate “new vs baseline” comparisons.
  • Q: How does this update affect Semgrep on Linux?
    • A: Pro interfile scans now adapt memory limits to the container's cgroup, and glibc compatibility now covers versions >=2.34 (for example RHEL 9 and AL2023).
  • Q: Are there any new features for Dart projects?
    • A: Yes, Dart now supports typed metavariables, metavariable binding in string interpolations, and improved parser fidelity for Dart 3.