Semgrep

Fast, open-source static analysis with semantic pattern matching and AI-assisted rules

About Semgrep

Semgrep is a static analysis tool that matches code patterns across 30+ languages using a syntax-aware rule language. Semgrep Assistant uses AI to triage findings, generate explanatory comments on pull requests, and auto-remediate certain issue classes. The OSS engine is free and self-hostable; Semgrep Code adds managed rule packs and the AI assistant layer.

Key features

  • Semantic pattern matching in 30+ languages
  • Semgrep Assistant: AI triage and auto-remediation
  • AI-generated PR comments explaining each finding
  • 2,000+ community and pro rules
  • Sub-minute CI scan times
  • Custom rule authoring with interactive playground

Pricing

OSS: Free — community rules, self-hosted
Team: From $40/dev/mo — managed rules, AI assistant
Enterprise: Custom — SSO, SIEM integration, SLA