Semgrep Supply Chains Failing
Incident Report for Semgrep
Postmortem

On 6/22/23, Semgrep Supply Chain scans were failing for SSC users between approximately 10:22 am PST and 12:15 pm PST.

Here’s a timeline of what happened:

  • At 10:22 am PST, we became aware of scan issues via error logs and reports from Semgrep Supply Chain users.
  • At 11:50 am PST, we identified the root cause of the issue:

    • Our rule deployment system encountered a race condition, where a subset of new, unpublished Supply Chain rules—which caused Semgrep to crash—were erroneously made public.
  • At 12:15 pm PST, we refreshed the state and redeployed our rule deployment system, fixing the error and restoring normal behavior.

As a follow-up, we are immediately investigating how to make our system more resilient, such that similar errors no longer occur in the future. We truly appreciate customers being patient with us as we worked through this issue.

Posted Jun 22, 2023 - 21:41 UTC

Resolved
This incident has been resolved.
Posted Jun 22, 2023 - 20:39 UTC
Investigating
We’re aware of issues currently with Semgrep Supply Chain scans failing. We’ve narrowed the issue down to one of our rules services, and the team is currently investigating the root cause.
Posted Jun 22, 2023 - 19:57 UTC