Semgrep, Inc.
Semgrep's mission is to make it expensive to exploit software by providing developer-friendly code security tools that enable teams to find, fix, and prevent security vulnerabilities without slowing down development.
Founding Story
Semgrep was founded in 2017 by three MIT graduates - Isaac Evans, Drew Dennison, and Luke O'Malley - who shared a mission to profoundly improve software security from day one. The founders first collaborated during MIT's Independent Activities Period in 2011 on a contract to secure Android apps for the U.S. Army, which sparked their interest in software security.
In 2016, Evans and Dennison became Entrepreneurs in Residence at Redpoint Ventures, where they explored opportunities in the software security space. They recognized a fundamental problem: security tools were too complex, slowed down development, and created an asymmetry where attackers had the advantage. Security was treated as a specialized skillset rather than something every developer could participate in.
In 2019, during an internal hackathon at their startup (then called r2c), the team encountered the open-source sgrep tool, originally created by Yoann Padioleau at Facebook. They recognized its potential and hired Padioleau to help revive and expand the project. This became the foundation of Semgrep - a tool designed to democratize security by making it as easy as using "Grammarly for code."
The founders' vision was to create a developer-friendly security platform that would make it expensive to exploit software by empowering every programmer to write security rules and participate in securing code, rather than requiring highly specialized security expertise. Their goal was to allow companies to maintain development velocity without sacrificing security, addressing the core problem that defenders were at a disadvantage against attackers.
Leadership
Founders
Isaac Evans
CEO and Co-Founder. MIT graduate (SM '15) in Electrical Engineering and Computer Science. Completed a master's thesis on advanced software security. Former Entrepreneur in Residence at Redpoint Ventures (2016-2017). Experience at Palantir and Fortune 500 companies. Conducted research into binary exploitation at MIT Lincoln Laboratory and U.S. Department of Defense. Member of Simmons Hall and the Gordon-MIT Engineering Leadership (GEL) Program at MIT.
Drew Dennison
CTO and Co-Founder. MIT graduate ('13) in Electrical Engineering and Computer Science. Former Entrepreneur in Residence at Redpoint Ventures (2016-2017). Experience at MIT computer science research labs and Fortune 500 companies. Member of Simmons Hall and the Gordon-MIT Engineering Leadership (GEL) Program at MIT. Mentored by Professor Joel Schindall.
Luke O'Malley
CPO (Chief Product Officer) and Co-Founder. MIT graduate ('14) in Electrical Engineering and Computer Science. Joined as Head of Product in December 2017. Member of Simmons Hall and the Gordon-MIT Engineering Leadership (GEL) Program at MIT.
Executive Team
Isaac Evans
Founder and CEO
MIT graduate (SM '15) in EECS. Former Entrepreneur in Residence at Redpoint Ventures. Experience at Palantir, MIT Lincoln Laboratory, and U.S. Department of Defense.
Drew Dennison
Co-Founder and CTO
MIT graduate ('13) in EECS. Former Entrepreneur in Residence at Redpoint Ventures. Experience at MIT computer science research labs.
Business Model
Revenue Model
SaaS subscription model based on number of contributors (developers). Free for teams under 10 contributors. Revenue streams from SAST (Code), SCA (Supply Chain), and Secrets Detection subscriptions. Enterprise customers pay custom pricing for scale and dedicated support.
Pricing Tiers
Open-source rules, DIY CI/CD setup, community support, lightweight fast scanning
Pro rules, AI Assistant, SSO, award-winning support, managed scans option, advanced features
Reachability analysis, malicious dependency detection, SBOM generation, license compliance
Semantic secrets detection, entropy analysis, secret validation
Dedicated account management, volume pricing, custom SLAs, enterprise support, scale features
Target Markets
- Late-stage startups and scale-ups
- Enterprise technology companies
- Fintech companies
- SaaS platforms
- Cloud-native applications
- Developer teams and engineering organizations
- Secure Vibe Coding (securing code written by AI or humans)
- Open-Source Malware Protection
- Static Application Security Testing (SAST)
- OWASP Top 10 vulnerability prevention
- Secure Guardrails for automated security enforcement
- Software Composition Analysis (SCA) for dependency vulnerabilities
- Lyft
- Snowflake
- Figma
- Dropbox
History & Milestones
Recognized in the 2025 Gartner Magic Quadrant for Application Security Testing for the first time
Launched Semgrep Assistant with Memories, an AI-powered triage system with 96% researcher agreement rate
Malicious Dependency Detection reached General Availability with 80,000 SCA rules
Launched Semgrep Assistant (AI remediation tool) to general availability
Hit 100 million annual scans
