Disclaimer: Semgrep provides security tooling that can support compliance efforts, but does not guarantee compliance. Organizations remain responsible for meeting all compliance requirements. Consult with your compliance team and auditors to determine how Semgrep fits into your compliance program.

Last updated: November 2025

ISO 27017 extends ISO 27001 with cloud-specific security guidance for protecting customer data in cloud environments. This standard applies to cloud service providers and cloud customers.

Semgrep may help address ISO 27017 cloud security guidance:

- Cloud service development: Continuous vulnerability scanning and policy enforcement can help demonstrate security controls in development processes. When properly configured with CI/CD systems, Semgrep can enforce secure coding practices at the pull request level. For details on proper configuration, please chat with the Semgrep team.
- Vulnerability management: Automated detection and tracking of security issues in code that runs in cloud environments. Audit logs document security scanning activity, findings, and remediation with timestamps.
- Logging and monitoring: Audit logs provide documented evidence of continuous security monitoring across your cloud application codebase.
- Supply chain security: SBOM generation provides an inventory of third-party components and dependencies deployed in cloud services, giving visibility into supply chain risk.
- Change management: Jira integration documents how security issues are tracked and remediated through your change management process with timestamps, assignments, and resolution status. Policy enforcement can help prevent vulnerable code from reaching cloud production environments.