Semgrep Community Edition

Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.

Type: Pattern matching

Supported version: 1.128.1

Disclaimer

This project provides wrappers and scripts to integrate with Semgrep Community Edition, but does not include the tool itself. Therefore, you are responsible for reviewing and complying with the product's license and terms of use.

Requirements

  • An existing installation of Semgrep.

  • An internet connection is required only to download semgrep-rules.

Key Considerations

While the Semgrep Community Edition analysis tool (engine) is free, the rules it uses may not be completely free.

The analysis tool uses Semgrep Community Edition Rules, which are licensed under the Semgrep Rules License v. 1.0. That license allows use only for your own internal business purposes.