Semgrep
AppCode scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit
By semgrep
10,008 installs
Tags
(2)Verified
Pricing
Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.
- Open source engine, works on 25+ languages
- Scan with 2,000+ community rules
- Write rules that look like your code
- Quickly get results in the terminal, editor, or CI/CD
- Flag issues and get results in pull requests, Slack, + more
This GitHub App allows you to get Semgrep results as PR comments, add Semgrep to your projects with one-click, and manage rules and results across multiple projects from one centralized place. Learn more at semgrep.dev.
Semgrep is supported by Semgrep, Inc. It is an evolution of pfff, which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool Coccinelle.
One-click add Semgrep to your project
Let rules monitor only, comment, or even block PRs
Review findings across all projects or filter down to specific projects
Go directly from a finding to the specific code location that triggered it within GitHub
Supported languages
(10)Plans and pricing
Semgrep Community for personal accounts and organizations
$0Semgrep is provided by a third-party and is governed by separate terms of service, privacy policy, and support contact.