Semgrep

Semgrep delivers a developer-friendly application security platform that combines an open-source local SAST engine with a paid AppSec platform for teams and enterprises. It supports static code analysis, supply-chain (SCA) checks, and semantic secrets detection, and includes an AI Assistant for triage and remediation guidance. Semgrep runs locally via a CLI or as a managed platform and integrates with CI/CD and developer tools to surface findings in native workflows.

  • Open-source Community Edition — use the CLI to run local SAST scans, access community rules, and export findings in SARIF/JSON to integrate with CI systems.
  • Teams & Enterprise tiers — subscribe to team or enterprise plans for Pro rules, cross-file analysis, managed scanning, dashboards, RBAC and SSO; contact sales for custom enterprise pricing.
  • Semgrep Assistant (AI) — AI-assisted triage, remediation guidance, auto-triage and auto-fix capabilities, and AI Memories to codify policy context for better results.
  • Rule Registry & Pro Engine — share and reuse rules from the registry; upgrade for dataflow/reachability analysis to reduce false positives.
  • Developer integrations — integrate with GitHub/GitLab/Bitbucket, CI systems, IDEs (VS Code, JetBrains), Slack, Jira, and REST APIs to surface findings where developers work.

Getting started: install the Semgrep CLI to scan code locally or sign up for the Semgrep AppSec Platform to onboard repositories, enable Pro rules and the Assistant, and connect CI/CD and SCM integrations.

Developer

Semgrep, Inc. builds developer-first application security tools that combine an open-source static analysis engine with a managed AppSe…

Pricing and Plans

(Freemium)

Community Edition

Free

Open-source local SAST engine for individual developers and projects.

  • Open-source SAST engine (LGPL 2.1)
  • Community-managed rules and registry
  • CLI for local scans and CI integration
  • Cross-platform support: macOS, Windows, Linux
  • SARIF/JSON output and rule authoring

Teams

Popular
$40/month

Extensible AppSec for growing teams; pricing is per contributor and starts at $40/month per contributor.

  • Pro rules and cross-file analysis
  • Semgrep Assistant (AI) for triage and fixes
  • Managed scanning, dashboards, and policy engine
  • Single sign-on (SSO) and role-based access control (RBAC)

Enterprise

Contact for pricing

Custom pricing and deployment options for large organizations; contact sales for details.

  • Everything in Teams plus dedicated account manager and white-glove onboarding
  • Volume pricing, roadmap access, and feature prioritization
  • Extended support and SLAs

System Requirements

  • Operating System: macOS, Windows, Linux
  • Memory (RAM): 4 GB+ RAM (8 GB+ recommended)
  • Processor: 64-bit CPU
  • Disk Space: 200 MB+ free disk space

AI Capabilities

  • AI-assisted triage
  • Remediation guidance and auto-fix
  • AI Memories for policy context
  • Custom AI model provider support