Skip to content
Semgrep

Semgrep

Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit

by semgrep9,065 installs

About

GitHub has verified that the publisher controls the domain and meets other requirements.

Supported languages

JavaScript, Ruby, Python, C, Java, Go, C#, Rust, TypeScript, and Solidity

Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.

  • Open source engine, works on 25+ languages
  • Scan with 2,000+ community rules
  • Write rules that look like your code
  • Quickly get results in the terminal, editor, or CI/CD
  • Flag issues and get results in pull requests, Slack, + more

This GitHub App allows you to get Semgrep results as PR comments, add Semgrep to your projects with one-click, and manage rules and results across multiple projects from one centralized place. Learn more at semgrep.dev.

Semgrep is supported by Semgrep, Inc. It is an evolution of pfff, which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool Coccinelle.

One-click add Semgrep to your project

Pricing and setup

Semgrep Community for personal accounts and organizations

$0

Semgrep Community

Semgrep Community for personal accounts and organizations

Next: Confirm your installation location

Semgrep is provided by a third-party and is governed by separate terms of service, privacy policy, and support contact.