How Semgrep leverages ticketing integrations to help customers address security vulnerabilities faster

How Semgrep leverages ticketing integrations to help customers address security vulnerabilities faster

Leif Dreizler
Senior Software Engineering Manager @ Semgrep

If we had to deal with 3rd-party API changes that broke our integrations, the work would quickly become all-consuming. Thankfully, Merge’s Partner Engineers provide a buffer between us and 3rd-party API vendors by performing the maintenance work on our behalf.

PROBLEM

Building and maintaining personalized integrations with limited resources

The team at Semgrep—which is an application security platform that helps engineering teams find and remediate security issues before build-time—knew they needed to integrate with clients’ ticketing tools, as both prospects and clients frequently asked for them. 

Despite the pressing need for supporting ticketing integrations, building them in-house wasn’t feasible. 

They had limited engineering resources available to scope, implement, and maintain these integrations. They also knew that their clients had unique integration requirements, which would only make the integration development process more resource intensive.

Leif Dreizler, a Senior Software Engineering Manager at Semgrep, explains further: “Our clients want and expect a specific set of functionality from their ticketing integrations. It’s hard for us to predict what each client is looking for and accommodate their needs at scale.”

The team knew they needed a 3rd-party solution that would not only offer the integrations their clients want but also allow clients to easily access and sync all the data they care about.

Solution

Using Merge's Unified API to automatically create and update tickets

Leif and his team took a few weeks to build their first integration through Merge’s Unified Ticketing API, but once they did, the process of adding additional integrations became quick and easy. Leif says that “Adding our second and third integration took about a day each.” 

Using the integrations, Semgrep users can easily create tickets without leaving the Semgrep platform. 

For instance, if a user wanted to create a new ticket based on a finding in Semgrep, they can simply check off the specific box for that issue in the platform and click “Create a Jira ticket”—which would create a ticket in Jira (or Linear/Asana) in near real-time. 

Creating a Jira ticket within Semgrep

In addition, users can easily determine if a given issue in Semgrep has already been ticketed via a specific icon in the platform's UI. They can also go on to view the ticket by clicking on the icon. This functionality ensures that users can access their tickets easily and avoid creating duplicate versions. 

Ticket icons in Semgrep's UI
Outcome

Providing reliable integrations that save users several hours every week

Semgrep’s users no longer have to manually create tickets for security issues, allowing them to save hours every week. Moreover, users can avoid potential errors associated with copying and pasting the data into their ticketing tool—ensuring that security vulnerabilities are captured accurately and addressed quickly. 

In addition, the team can rest easy knowing that Merge’s Ticket and Project Management Unified API supports a wide range of integrations. Leif explains further:

“Merge offers a future-proof solution for our ticketing integrations. If clients need new ticketing integrations tomorrow with, say, ServiceNow, we could easily accommodate the request through Merge’s Ticketing Unified API.”

Finally, the team at Semgrep doesn’t have to worry about maintaining the integrations, which is a huge relief to Leif. 

“If we had to deal with 3rd-party API changes that broke our integrations, the work would quickly become all-consuming. Thankfully, Merge’s Partner Engineers provide a buffer between us and 3rd-party API vendors by performing the maintenance work on our behalf.” 

So, what’s next in Semgrep’s journey with Merge? 

“We want to add custom mappings between Semgrep and clients’ ticketing tools so that their tickets are populated even more cleanly. We’re also looking to make the integrations bidirectional; in other words, any changes in the ticketing tool would lead to corresponding changes in the client’s instance of Semgrep,” explains Leif.

Given all the success they’ve had with Merge so far, we have no doubt that they’ll accomplish both of these tasks—and much more—with our platform in short order.

Your Success is our success

Make integrations your competitive advantage

Integrate today or talk to our sales team to learn how Merge unlocks hundreds of integrations in days – not years.