Case Study: Thinkific reduces security noise and meets SLOs with Semgrep

How Thinkific uses Semgrep to meet its SLOs

Thinkific, an online platform company, faced significant challenges with its application security program. Their previous SAST and SCA tools were slow, generated a high rate of false positives, and could not be properly configured. This created a blocker for their development velocity and prevented their lean security team from effectively meeting its service level objectives for communication and remediation.

By implementing Semgrep Code for SAST and Semgrep Supply Chain for SCA, Thinkific gained a highly customizable solution. Semgrep enabled efficient communication of security issues to developers and drastically reduced noise. Using Semgrep Supply Chain, Thinkific achieved an 85% reduction in false positives, allowing developers to fix open source dependency issues within the required SLA timeframes.

Thinkific

Aleksandr Krasnov

Staff Security Engineer