Semgrep
Cost / License
- Freemium (Subscription)
- Open Source
Platforms
- Mac
- Windows
- Linux
Features
- Security Testing
- Static Code Analysis
- Static analysis
Semgrep information
What is Semgrep?
Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or wrestling with regexes.
The Semgrep Registry has 1,000+ rules written by the Semgrep community covering security, correctness, and performance bugs. No need to DIY unless you want to.
Semgrep runs offline, on uncompiled code.
Semgrep is used in production everywhere from one-person startups to multi-billion dollar companies; it is the engine inside tools like NodeJsScan. Semgrep is developed and commercially supported by r2c, a software security company. r2c’s free hosted service, Semgrep Community, lets organizations write and share rules, and manage Semgrep in CI across many projects. r2c also offers a paid hosted tier for enterprises, Semgrep Team.