
How Semgrep rebuilt integrations with Nango, unlocking widespread adoption

Semgrep is an extensible AppSec platform to secure what others can't; a powerful static analysis tool that helps developers identify vulnerabilities, exposed secrets, and third-party security risks in their code. Their recent Assistant launch provided AppSec engineers a 20% productivity boost on day one, and 40% by day seven. However, security findings are only helpful if they can be acted upon effectively. Many companies using Semgrep rely on external tools like Jira to track and remediate security issues.

Before Nango: Issues with inflexible integration platforms

Before integrating with Nango, Semgrep faced several challenges with their integrations:

  • Manual and fragmented integrations: Some integrations, like Slack and email notifications, were built in-house. Ticketing integrations were handled through an integration provider, which had limitations.
  • Inflexibility of other integration platforms: Semgrep could only build what their previous integration provider offered, which was limited. They couldn’t create the integrations their customers actually needed, forcing them to either work around limitations or leave critical gaps in their offerings.
  • Lack of control: Their previous integration provider did not support Jira Data Center, and there was no way for Semgrep to extend or modify it to fit their customers’ needs.
  • Maintenance overhead: Managing integrations internally was resource-intensive, especially handling authentication and credential storage.
  • Business impact: Limited integration support affected adoption, as some users couldn’t create tickets in their preferred issue-tracking tools.

Why Semgrep chose Nango

Semgrep explored various options for improving their integrations, including building them in-house and evaluating solutions like Paragon and APIDeck. Ultimately, Nango stood out for several key reasons:

  • Unmatched flexibility: "Flexibility is such an important thing. It’s paid off so well. As a developer, I can support a new integration whenever needed," said Zack Hickman, Senior Software Engineer II at Semgrep. With Nango, Semgrep never has to worry about hitting a blocker. They can quickly implement any integration that customers request, ensuring they always meet user needs.
  • Full control over integrations: Semgrep needed the ability to shape integrations exactly as required. With Nango, they could develop features the way they envisioned them, rather than being constrained by rigid schemas or third-party limitations.
  • Simplified authentication: Managing OAuth and API credentials is complex, and Semgrep wanted to avoid storing and handling them manually. Nango’s authentication features solved this pain point.
  • Developer-first approach: As an open-source company, Semgrep resonated with Nango’s flexibility and ability to adapt to their needs.

Results with Nango

Building integrations that customers actually wanted

With Nango, Semgrep successfully built a robust Jira Cloud integration, with the possibility of adding Jira Data Center in the future. More importantly, they could build it exactly as customers needed it—without being limited by a third-party provider’s constraints. This allowed them to:

  • Enable customers to create tickets automatically when security scans finish.
  • Support enterprise customers with Jira Data Center in the future.
  • Improve issue triaging by ensuring only relevant findings were converted into tickets, reducing noise. "Now, issues are created in a way that makes sense for users. No longer a stream of noise polluting Jira instances," Hickman noted.

Multiplying customer adoption

By solving the Jira integration challenge and delivering the features users actually needed, Semgrep unlocked new adoption among customers who previously couldn’t integrate with their issue-tracking workflows. Over 100 users are now leveraging the Jira integration. "Many of our users couldn’t use the old Jira version. Now, there’s great adoption, and customers are happy," Hickman added.

Reduced maintenance burden

Managing integrations internally was time-consuming, especially ensuring authentication was handled securely. By offloading this complexity to Nango, Semgrep’s team could focus on their core security product instead of spending time on integration maintenance.

High-quality support

Beyond the technical benefits, Semgrep appreciated Nango’s strong developer support. "The team is incredibly responsive in Slack. We hold ourselves to high standards in support, and it’s great to work with a provider that does the same."

Future plans with Nango

Semgrep is now looking to expand their integration capabilities even further:

  • New ticketing integrations: Linear and additional Jira versions, including Jira Data Center, are on the roadmap.
  • Beyond ticketing: Semgrep is considering using Nango for Slack and email notifications, further simplifying how security alerts are delivered.
  • Status syncing: A long-requested feature, status syncing between Semgrep and issue trackers, is now being implemented with Nango’s support.

Conclusion

Nango has enabled Semgrep to build flexible, scalable, and maintainable integrations without the headaches of authentication management or rigid APIs. By adopting Nango, Semgrep has improved customer satisfaction, increased adoption, and freed up engineering resources to focus on security innovations. "With Nango, we can develop the features we want, the way we pictured them. That’s been a game-changer," said Zack Hickman. With future integrations on the horizon, Semgrep continues to leverage Nango as a critical part of their integration strategy.
