Semgrep

Lightweight static analysis for finding bugs and enforcing code standards

open-source

About Semgrep

Semgrep scans code for security vulnerabilities and anti-patterns using simple, readable rules. It supports 30+ languages and executes quickly.

Key Features

Semgrep makes static analysis accessible to every development team. Its rules are written in a pattern syntax that looks like the code you are searching for, making it easy to write custom rules without learning a complex DSL. Out of the box, Semgrep includes thousands of rules for security vulnerabilities, best practices, and framework-specific anti-patterns across 30+ languages. It runs fast enough to integrate into CI/CD pipelines without slowing builds. The open-source engine is free, while Semgrep Cloud adds a dashboard, policy management, and team features.

Categories

Security, Testing

Companies using Semgrep are hiring

Application Security/SAST Engineer
hptech inc. · US
security
HCL AppScan Professional Services _Cyber Security Analyst (DAST, SAST, IAST, SCA)
hclsoftware · India
security
Principal DevSecOps Engineer (DevSecOps/SAST/SCA)
zscaler · Office - Bangalore, India
security
Sr Technology Engineer -Disaster Recovery
pseg · Bethpage, Nassau County
backend
Sr Technology Engineer -Disaster Recovery
pseg long island · Bethpage, Nassau County
backend