Iago Abal

Software Engineer

Pontevedra, Galicia, Spain
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
Iago Abal is a software engineer with 14 years' experience specializing in static analysis and formal software verification, based in Pontevedra, Galicia. He contributes to prominent open-source projects like Semgrep and Coccinelle, improving language support, control-flow analysis, and inter-procedural taint propagation to make automated vulnerability detection more precise. His work spans engine-level enhancements (constant propagation, parsing tricky language constructs) and practical security rule maintenance, closing real-world gaps such as injection flaws and insecure transport patterns. Comfortable in back-end and security-focused roles, he combines careful refactoring with feature development to strengthen tooling reliability. Notably, his contributions improve both the theoretical analysis (CFG and variability parsing) and the day-to-day utility of widely used security scanners.
code14 years of coding experience
stackoverflow-logo

Stackoverflow

Stats
277reputation
4kreached
4answers
3questions
github-logo-circle

Github Skills (43)

javascript10
static-analysis10
flow-control10
dataflow10
python10
taint10
semgrep10
it-security10
c1110
ocaml10
security10
c1710
vulnerability-detection10
parsing10
control-flow10

Programming languages (12)

MDXDockerfileShellC++CSolidityOCamlMove

Github contributions (5)

github-logo-circle
semgrep/semgrep

Sep 2020 - Jan 2023

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Role in this project:
userBack-end Developer & Security Engineer
Contributions:1311 reviews, 480 commits, 698 PRs in 2 years 5 months
Contributions summary:Iago primarily contributed to the improvement of Semgrep's static analysis capabilities, focusing on enhancing the engine's support for various programming languages. Their work involved implementing and refining constant propagation, which improves the detection of vulnerabilities. They also addressed several issues related to accurately parsing and analyzing specific language constructs (like Ruby's block syntax and C#'s and Java's synchronized statements), as well as improving the accuracy of the code analysis by addressing problems like handling different assignment operations, recognizing function calls and arguments and taking into account the special tokens. Furthermore, they added support for inter-procedural taint analysis using `pattern-propagators`.
looklinterpythonr2cjavascript
semgrep/semgrep-rules

Apr 2021 - Dec 2022

Semgrep rules registry
Role in this project:
userSecurity Engineer
Contributions:23 reviews, 16 commits, 33 PRs in 1 year 7 months
Contributions summary:Iago's contributions primarily involve improving and maintaining security rules within the `semgrep-rules` repository. They addressed vulnerabilities and fixed rules related to insecure code patterns, including injection flaws, insecure transport protocols, and the use of potentially unsafe configurations. The user demonstrated expertise in identifying and mitigating security risks by updating existing rules and adapting them to the latest Semgrep features and improvements. They also corrected test expectations, reflecting a strong understanding of the project's testing framework.
securitysemgrepsemgrep-rulessemgrep-registryprogram-analysis
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Iago Abal - Software Engineer