Semgrep

License model

  • Freemium
  • Open Source

Platforms

  • Mac
  • Windows
  • Linux

Features

  1.  Security Testing
  2.  Static Code Analysis
  3.  Static analysis

Semgrep information

  • Developed by

    r2c
  • Licensing

    Open Source (LGPL-2.1) and Freemium product.
  • Pricing

    Subscription that costs $40 per month + free version with limited functionality.
  • Alternatives

    28 alternatives listed
  • Supported Languages

    • English

GitHub repository

  •  11,466 Stars
  •  682 Forks
  •  793 Open Issues
  •   Updated Apr 11, 2025 

Our users have written 0 comments and reviews about Semgrep, and it has gotten 0 likes

Semgrep was added to AlternativeTo by Paul on Feb 3, 2021 and this page was last updated Feb 3, 2021.

What is Semgrep?

Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or wrestling with regexes.

The Semgrep Registry has 1,000+ rules written by the Semgrep community covering security, correctness, and performance bugs. No need to DIY unless you want to.

Semgrep runs offline, on uncompiled code.

Semgrep is used in production everywhere from one-person startups to multi-billion dollar companies; it is the engine inside tools like NodeJsScan. Semgrep is developed and commercially supported by r2c, a software security company. r2c’s free hosted service, Semgrep Community, lets organizations write and share rules, and manage Semgrep in CI across many projects. r2c also offers a paid hosted tier for enterprises, Semgrep Team.
