Semgrep is an open-source static analysis tool and AI-powered SAST platform that enables developers to write and enforce custom code security rules. It finds bugs, vulnerabilities, and code anti-patterns across 30+ programming languages and integrates into CI/CD pipelines.
Category
Security
Subcategory
Vulnerability Scanning
Free Tier
Semgrep OSS free forever; Semgrep Community free tier
Paid Plans
Team from $40/developer/month, Enterprise pricing available
API Cost
Not available yet
Web App, API, CLI
○ SOC2 ○ ISO27001 ○ GDPR ○ HIPAA
● certified · ○ not verified
Compliance data is community-sourced and may be incomplete or out of date. Always verify certifications directly with the vendor's official trust or security page before relying on them.
Self-hostable
Yes
Some data-handling details aren't verified yet.
Custom code security rules, Vulnerability detection at scale, Code quality enforcement, Security policy as code, Multi-language codebase scanning
