
What is Semgrep?

It is a fast, open-source static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write: no abstract syntax trees, no regex wrestling, no painful DSLs.
Semgrep is a tool in the Code Review category of a tech stack.
Semgrep is an open source tool; its source repository is hosted on GitHub.

Who uses Semgrep?

Companies
8 companies reportedly use Semgrep in their tech stacks, including Shelf, Edgelab, and SMARTTechStack.

Developers
10 developers on StackShare have stated that they use Semgrep.

Semgrep Integrations

JavaScript, Python, Java, PHP, and TypeScript are some of the popular tools that integrate with Semgrep. Here's a list of all 14 tools that integrate with Semgrep.

Semgrep's Features

  • Open source, works on 17+ languages
  • Scan with 1,000+ community rules
  • Write rules that look like your code
  • Quickly get results in the terminal, editor, or CI/CD
  • Flag issues moving forward, get results in pull requests, Slack, + more

Semgrep Alternatives & Comparisons

What are some alternatives to Semgrep?
ESLint
A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
OpenSSL
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
Prettier
Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.
TSLint
An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.
SonarQube
SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

Semgrep's Followers
13 developers follow Semgrep to keep up with related blogs and decisions.