# Semgrep

> Static application security testing and AppSec platform that provides SAST, SCA, and secrets detection with AI-assisted triage, a rules registry, CLI/CI integration, and IDE plugins.

Semgrep delivers a developer-friendly application security platform that combines an open-source local SAST engine with a paid AppSec platform for teams and enterprises. It supports static code analysis, supply-chain (SCA) checks, and semantic secrets detection, and includes an AI Assistant for triage and remediation guidance. Semgrep runs locally via a CLI or as a managed platform and integrates with CI/CD and developer tools to surface findings in native workflows.

- **Open-source Community Edition** — use the CLI to run local SAST scans, access community rules, and export findings in SARIF/JSON to integrate with CI systems.
- **Teams & Enterprise tiers** — subscribe to team or enterprise plans for Pro rules, cross-file analysis, managed scanning, dashboards, RBAC and SSO; contact sales for custom enterprise pricing.
- **Semgrep Assistant (AI)** — AI-assisted triage, remediation guidance, auto-triage and auto-fix capabilities, and AI Memories to codify policy context for better results.
- **Rule Registry & Pro Engine** — share and reuse rules from the registry; upgrade for dataflow/reachability analysis to reduce false positives.
- **Developer integrations** — integrate with GitHub/GitLab/Bitbucket, CI systems, IDEs (VS Code, JetBrains), Slack, Jira, and REST APIs to surface findings where developers work.

Getting started: install the Semgrep CLI to scan code locally or sign up for the Semgrep AppSec Platform to onboard repositories, enable Pro rules and the Assistant, and connect CI/CD and SCM integrations.

## Features
- Open-source CLI SAST engine (Semgrep CE)
- Supply-chain scanning (SCA) and secrets detection
- AI-assisted triage and remediation with Semgrep Assistant
- Pro Engine with cross-file and dataflow/reachability analysis
- Registry of community and private rules
- CI/CD and SCM integrations with SARIF/JSON output
- IDE plugins for VS Code and JetBrains
- Managed AppSec Platform with dashboards, policies, and RBAC

## Integrations
GitHub, GitLab, Bitbucket, CircleCI, Jenkins, Azure Repos, Slack, Jira, Wiz, Pre-commit, REST API

## Platforms
WINDOWS, MACOS, LINUX, WEB, API, VSC_EXTENSION, JETBRAINS_PLUGIN, DEVELOPER_SDK

## Pricing
Open Source, Free tier available

## Links
- Website: https://semgrep.dev/
- Documentation: https://semgrep.dev/docs/
- Repository: https://github.com/semgrep/semgrep
- EveryDev.ai: https://www.everydev.ai/tools/semgrep