Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or wrestling with regexes.
The Semgrep Registry has 900+ rules written by the Semgrep community covering security, correctness, and performance bugs. No need to DIY unless you want to.
Semgrep runs offline, on uncompiled code.
The Semgrep project is led by returntocorp.
There are no reported vulnerabilities.
30 Day Summary: Mar 9 2024 — Apr 8 2024
12 Month Summary: Apr 8 2023 — Apr 8 2024