The last 5-10 years have seen the availability of a new group of static analysis tools that are significantly easier to get ahold of, faster, and easier to develop custom rules for. While none of these are sufficient out of the box to do effective vulnerability research, my experience is that they can greatly improve the experience and allow a researcher to identify vulnerabilities faster and at larger scale than simply relying on manual analysis alone. Going Beyond Grep introduces the audience to a number of options within this space though will focus on CodeQL and Semgrep as the two leaders. We'll quickly compare the two and discuss the conditions where one may make sense over the other. We'll discuss some of the ways that these tools can improve the exploration of code bases, help to identify exploitable conditions faster, and be used to scale variant analysis to allow the discovery of vulnerabilities at scale. We'll finish by looking at some of the tooling available today to support this, talk about the gaps that I feel need to be filled in to be more successful, and the blockers stopping broader adoption.