Semgrep

Open-source static analysis software tool

Semgrep, Inc
Formerly: r2c
Industry: Computer Security
Founded: 2017
Founder: Isaac Evans, Luke O'Malley, Drew Dennison
Website: semgrep.dev

Semgrep OSS
Developer(s): Semgrep, Inc.
Initial release: February 6, 2020
Stable release: 1.85.0 / August 15, 2024
Repository: github.com/semgrep/semgrep
Written in: OCaml (core) and Python (CLI)
Type: Static program analysis
License: LGPL v2.1
Website: semgrep.dev

Semgrep, Inc. (formerly r2c) is a cybersecurity company based in San Francisco. The company develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool semgrep OSS.

Semgrep has stable support for over 30 languages including C#, C, C++, Go, Java, JavaScript, JSON, Python, PHP, Ruby, and Scala. Language support on semgrep OSS is community driven and does not support interprocedural or interfile analysis.

The name is a combination of semantic and grep, referring to semgrep being a text search command-line utility that is aware of source code semantics.

Services

Semgrep, Inc. provides a continuous integration service (called Semgrep CI), rule-writing tools (called the Semgrep Playground and editor), and a rule library (called Semgrep Registry) free of charge for both commercial and open source users.

Semgrep rules are similar to source code and do not require knowledge of a domain specific language to write. Both open source and commercial rules can be forked and customized to a user's codebase, however only commercial users are able to customize commercial rules. All users are free to fork and modify open source (community) rules.

History

Semgrep was based on sgrep, an open source part of pfff, a program analysis library developed at Facebook in 2009. Pfff was inspired by Coccinelle, an open-source utility for programs written in C. Yoann Padioleau, the original author of sgrep and a contributor to Coccinelle, joined r2c in 2019. sgrep was forked from pfff by r2c, and in 2020 the sgrep fork was renamed semgrep to avoid name collisions with existing projects.

Redpoint Ventures and Sequoia Capital backed r2c in an unannounced seed round and later funded a $13 million Series A round in 2020. The company's product portfolio consisted only of Semgrep OSS and its ecosystem at the time.

Semgrep, Inc. announced in 2023 that it had raised a $53 million Series C funding round with Lightspeed Venture Partners leading the investment and participation from previous investors Felicis Ventures, Redpoint Ventures, and Sequoia Capital. The company has raised a total of $93 million, including their Series C financing.

The Open Web Application Security Project (OWASP) listed Semgrep in its source code analysis tools list. As of April 2023, Semgrep has 132 contributors and over 9000 stars on GitHub. From Docker Hub the Docker image has been pulled more than 60 million times.

Usage

Semgrep can be installed with Homebrew or pip. Additionally it can run without installation on Docker. Analysis can be done without the need of custom configuration, and by utilizing rulesets created by Semgrep Inc. and open source contributors. The tool also allows users to write their own patterns and rules through the CLI using a pattern language unique to semgrep. A free online rule editor and a tutorial are also available.

See also

List of tools for static code analysis

External links

Official website, Semgrep, Inc.
Semgrep on GitHub
Pfff on GitHub
Medium post on Semgrep by Isaac Evans, CEO of r2c
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.