Opengrep

We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀

🤔 Why Opengrep? Recently, Semgrep made changes that shifted critical features of its OSS engine and community-contributed rules behind a commercial license. While this was their decision, it left a gap for developers and organizations who believe security should be collaborative, open, and freely available. Enter Opengrep.

🌟 What makes Opengrep special – A fully open-source static code analysis engine with no hidden features or license constraints. – Backward compatibility with common JSON and SARIF outputs, making adoption seamless. – Community-focused development, with contributions reviewed and accepted on merit—not tied to any single company’s commercial goals. – Your rules won't be locked into specific vendors, so you can take them easily between your jobs no matter which code security provider they use. – Long-term stability and future-proofing with plans to transition Opengrep under foundation management.

🌐 Our mission: discovering security issues must remain accessible to all. Opengrep will empower every developer with open and transparent SAST, making secure software development a shared standard.

💻 Whether you’re a developer, security engineer, or part of a vendor community, your contributions matter! Join us in building a robust, open alternative that prioritizes innovation and accessibility.

💬 How you can get involved: – Give Opengrep a try and let us know your feedback. – Contribute to the project—our doors are open for PRs and community ideas. – Join our open roadmap session on February 6th to shape the future of Opengrep. Registration link can be found on Opengrep socials.

Security is for everyone, and we’re here to make it a reality. Let’s build something amazing together! 🔒?