
Semgrep

App
Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit.
10,008 installs

Verified

GitHub has verified the publisher's identity, ownership of their domain, and compliance with other requirements.

Pricing

Semgrep Community plan available.

Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.

  • Open source engine, works on 25+ languages
  • Scan with 2,000+ community rules
  • Write rules that look like your code
  • Quickly get results in the terminal, editor, or CI/CD
  • Flag issues and get results in pull requests, Slack, + more

This GitHub App lets you get Semgrep results as PR comments, add Semgrep to your projects with one click, and manage rules and results across multiple projects from one centralized place. Learn more at semgrep.dev.

Semgrep is supported by Semgrep, Inc. It is an evolution of pfff, a tool begun at Facebook in 2009 that was itself an evolution of the Linux refactoring tool Coccinelle.


Supported languages (10)

JavaScript, Ruby, Python, C, Java, Go, C#, Rust, TypeScript, and Solidity

Plans and pricing

Semgrep Community for personal accounts and organizations
$0


Semgrep is provided by a third-party and is governed by separate terms of service, privacy policy, and support contact.
