Analyzed
about 1 year
ago.
based on code collected
over 1 year
ago.
Project Summary
Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or wrestling with regexes.
The Semgrep Registry has 900+ rules written by the Semgrep community covering security, correctness, and performance bugs. No need to DIY unless you want to.
Semgrep runs offline, on uncompiled code.
The Semgrep project is led by returntocorp.
In a Nutshell, Semgrep...
- ...
- ...
-
...
has a codebase with a long source history
maintained by a very large development team
with stable Y-O-Y commits -
...
took an estimated 3,069 years of effort (COCOMO model)
starting with its first commit in November, 2019
ending with its most recent commit about 1 year ago
Quick Reference
GNU Lesser General Public License 2.1
Permitted
Forbidden
Required
These details are provided for information only. No information here is legal advice and should not be used as such.
Project Security
Vulnerabilities per Version ( last 10 releases )
There are no reported vulnerabilities
Project Vulnerability Report
Security Confidence Index
Poor security track-record
Favorable security track-record
Vulnerability Exposure Index
Many reported vulnerabilities
Few reported vulnerabilities
Did You Know...
-
...
there are over 3,000 projects on the Open Hub with security vulnerabilities reported against them
-
...
search using multiple tags to find exactly what you need
-
...
65% of companies leverage OSS to speed application development in 2016
-
...
learn about Open Hub updates and features on the Open Hub blog
30 Day SummaryMar 9 2024 — Apr 8 2024
|
12 Month SummaryApr 8 2023 — Apr 8 2024
|
