Semgrep
Static code analysis and application security
Semgrep is a developer-friendly application security platform that specializes in static application security testing (SAST), software composition analysis (SCA), secrets detection, and supply chain security scanning. Founded in 2017, Semgrep evolved from the open-source project sgrep and now conducts over 75 million source-code security scans annually, supporting more than 30 programming languages as well as CI/CD tools like GitHub and GitLab.
The platform offers a range of tools designed for easy integration into developer workflows. The Semgrep Community Edition is a free, open-source command-line tool that provides basic static analysis with community-contributed rules. The Semgrep AppSec Platform is an enterprise SaaS solution that includes advanced features such as managed scans, AI-assisted triage, and API integrations. Semgrep aims to enhance security during code development for technology companies, particularly late-stage startups and enterprises, by making software exploitation costly and providing secure code guardrails.
