semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

These details have been verified by PyPI

Maintainers

brendongo r2c r2c-drewdennison underyx

These details have not been verified by PyPI

Project links

Homepage

Project description

Lightweight static analysis for many languages.
Find bugs and enforce code standards.

Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Get started →.

Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded.

Its rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs. Here's a quick rule for finding Python print() statements, run it online in Semgrep's Playground by clicking the image:

The Semgrep ecosystem includes:

Semgrep - the open-source command line tool at the heart of everything (this project)
Semgrep CI - a specialized Docker image for running Semgrep in CI environments
Semgrep Playground - an online interactive rule builder for writing and sharing rules
Semgrep Registry - 1,000+ community-driven rules covering security, correctness, and performance bugs
Semgrep App - deploy, manage, and monitor Semgrep at scale with free and paid tiers.

Join 100,000 other developers and security engineers already using Semgrep at companies like Chef, Dropbox, Figma, HashiCorp, Snowflake, and Trail of Bits. Also check out tools powered by Semgrep!

Semgrep is developed and commercially supported by r2c, a software security company.

Language support

General availability

C# · Go · Java · JavaScript · JSX · JSON · Python · Ruby · Scala · TypeScript · TSX

Beta & experimental

See supported languages for the complete list.

Getting started

To install Semgrep use Homebrew or pip, or run without installation via Docker:

# For macOS
$ brew install semgrep

# For Ubuntu/WSL/Linux/macOS
$ python3 -m pip install semgrep

# To try Semgrep without installation run via Docker
$ docker run --rm -v "${PWD}:/src" returntocorp/semgrep

Once installed, Semgrep can run with single rules or entire rulesets. Visit Docs > Running rules to learn more or try the following:

# Check for Python == where the left and right hand sides are the same (often a bug)
$ semgrep -e '$X == $X' --lang=py path/to/src

# Fetch rules automatically by setting the `--config auto` flag.
# This will fetch rules relevant to your project from Semgrep Registry.
# The name of your project will be sent to Semgrep Registry as an identifier
# to make selecting relevant rules fast next time;
# source code will not be uploaded.
$ semgrep --config auto

Visit the full documentation to learn more.

Rule examples

Visit Docs > Rule examples for use cases and ideas.

Use case	Semgrep rule
Ban dangerous APIs	Prevent use of exec
Search routes and authentication	Extract Spring routes
Enforce the use secure defaults	Securely set Flask cookies
Tainted data flowing into sinks	ExpressJS dataflow into sandbox.run
Enforce project best-practices	Use assertEqual for == checks, Always check subprocess calls
Codify project-specific knowledge	Verify transactions before making them
Audit security hotspots	Finding XSS in Apache Airflow, Hardcoded credentials
Audit configuration files	Find S3 ARN uses
Migrate from deprecated APIs	DES is deprecated, Deprecated Flask APIs, Deprecated Bokeh APIs
Apply automatic fixes	Use listenAndServeTLS

Extensions

Visit Docs > Extensions to learn about Semgrep in your editor or pre-commit. When integrated into CI and configured to scan pull requests, Semgrep will only report issues introduced by that pull request; this lets you start using Semgrep without fixing or ignoring pre-existing issues!

Documentation

Browse the full Semgrep documentation on the website. If you’re new to Semgrep, check out Docs > Getting started or the interactive tutorial.

Metrics

Using remote configuration from the Registry (like --config=p/ci) reports pseudonymous rule metrics to semgrep.dev.

Using configs from local files (like --config=xyz.yml) does not enable metrics.

To disable Registry rule metrics, use --metrics=off.

PRIVACY.md describes the principles that guide data-collection decisions and the breakdown of the data that are and are not collected when the metrics are enabled.

Upgrading

To upgrade, run the command below associated with how you installed Semgrep:

# Using Homebrew
$ brew upgrade semgrep

# Using pip
$ python3 -m pip install --upgrade semgrep

# Using Docker
$ docker pull returntocorp/semgrep:latest

Project details

These details have been verified by PyPI

Maintainers

brendongo r2c r2c-drewdennison underyx

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

1.97.0

Nov 20, 2024

1.96.0

Nov 7, 2024

1.95.0

Oct 31, 2024

1.94.0

Oct 31, 2024

1.93.0

Oct 23, 2024

1.92.0

Oct 17, 2024

1.91.0

Oct 11, 2024

1.90.0

Sep 26, 2024

1.89.0

Sep 20, 2024

1.88.0

Sep 19, 2024

1.87.0

Sep 13, 2024

1.86.0

Sep 4, 2024

1.85.0

Aug 15, 2024

1.84.1

Aug 7, 2024

1.84.0

Aug 6, 2024

1.83.0

Aug 2, 2024

1.82.0

Jul 30, 2024

1.81.0

Jul 24, 2024

1.80.0

Jul 18, 2024

1.79.0

Jul 10, 2024

1.78.0

Jun 27, 2024

1.77.0

Jun 24, 2024

1.76.0

Jun 17, 2024

1.75.0

Jun 3, 2024

1.74.0

May 23, 2024

1.73.0

May 16, 2024

1.72.0

May 8, 2024

1.71.0

May 3, 2024

1.70.0

Apr 24, 2024

1.69.0

Apr 16, 2024

1.68.0

Apr 9, 2024

1.67.0

Mar 28, 2024

1.66.2

Mar 26, 2024

1.66.1

Mar 25, 2024

1.66.0

Mar 19, 2024

1.65.0

Mar 11, 2024

1.64.0

Mar 7, 2024

1.63.0

Feb 27, 2024

1.62.0

Feb 22, 2024

1.61.1

Feb 14, 2024

1.61.0

Feb 13, 2024

1.60.1

Feb 9, 2024

1.60.0

Feb 8, 2024

1.59.1

Feb 2, 2024

1.59.0

Jan 30, 2024

1.58.0

Jan 23, 2024

1.57.0

Jan 18, 2024

1.56.0

Jan 10, 2024

1.55.2

Jan 5, 2024

1.55.1

Jan 4, 2024

1.55.0

Jan 2, 2024

1.54.3

Dec 22, 2023

1.54.2

Dec 21, 2023

1.54.1

Dec 20, 2023

1.54.0

Dec 20, 2023

1.53.0

Dec 12, 2023

1.52.0

Dec 5, 2023

1.51.0

Nov 29, 2023

1.50.0

Nov 17, 2023

1.49.0

Nov 15, 2023

1.48.0

Nov 6, 2023

1.46.0

Oct 24, 2023

1.45.0

Oct 18, 2023

1.44.0

Oct 11, 2023

1.43.0

Oct 3, 2023

1.42.0

Sep 29, 2023

1.41.0

Sep 19, 2023

1.40.0

Sep 14, 2023

1.39.0

Sep 7, 2023

1.38.3

Sep 2, 2023

1.38.2

Sep 1, 2023

1.38.1

Sep 1, 2023

1.38.0

Aug 31, 2023

1.37.0

Aug 25, 2023

1.36.0

Aug 14, 2023

1.35.0

Aug 9, 2023

1.34.1

Jul 29, 2023

1.34.0

Jul 27, 2023

1.33.2

Jul 21, 2023

1.33.1

Jul 21, 2023

1.32.0

Jul 13, 2023

1.31.2

Jul 7, 2023

1.31.1

Jul 7, 2023

1.31.0

Jul 7, 2023

1.30.0

Jun 28, 2023

1.29.0

Jun 26, 2023

1.28.0

Jun 21, 2023

1.27.0

Jun 13, 2023

1.26.0

Jun 9, 2023

1.25.0

Jun 6, 2023

1.24.1

Jun 1, 2023

1.24.0

May 31, 2023

1.23.0

May 24, 2023

1.22.0

May 16, 2023

1.21.0

May 4, 2023

1.20.0

Apr 28, 2023

1.19.0

Apr 21, 2023

1.18.0

Apr 14, 2023

1.17.1

Apr 5, 2023

1.17.0

Apr 5, 2023

1.16.0

Mar 31, 2023

1.15.0

Mar 15, 2023

1.14.0

Mar 1, 2023

1.13.0

Feb 24, 2023

1.12.1

Feb 17, 2023

1.12.0

Feb 14, 2023

1.11.0

Feb 10, 2023

1.10.0

Feb 9, 2023

1.9.0

Feb 2, 2023

1.8.0

Feb 1, 2023

1.7.0

Feb 1, 2023

1.6.0

Jan 27, 2023

1.5.1

Jan 20, 2023

1.3.0

Jan 6, 2023

1.2.1

Dec 16, 2022

1.2.0

Dec 15, 2022

1.1.0

Dec 5, 2022

1.0.0

Dec 1, 2022

0.123.0

Nov 29, 2022

0.122.0

Nov 16, 2022

0.121.2

Nov 10, 2022

0.121.1

Nov 8, 2022

0.121.0

Nov 7, 2022

0.120.0

Nov 2, 2022

0.118.0

Oct 19, 2022

0.117.0

Oct 12, 2022

0.116.0

Oct 6, 2022

0.115.0

Sep 27, 2022

0.114.0

Sep 19, 2022

0.113.0

Sep 15, 2022

0.112.1

Sep 8, 2022

0.112.0

Sep 7, 2022

0.111.1

Aug 23, 2022

0.111.0

Aug 22, 2022

0.110.0

Aug 15, 2022

0.109.0

Aug 11, 2022

0.108.0

Aug 4, 2022

0.107.0

Jul 29, 2022

0.106.0

Jul 21, 2022

0.105.0

Jul 20, 2022

0.104.0

Jul 13, 2022

0.103.0

Jul 5, 2022

0.102.0

Jun 30, 2022

0.101.1

Jun 28, 2022

0.101.0

Jun 27, 2022

0.100.0

Jun 22, 2022

This version

0.98.0

Jun 15, 2022

0.97.0

Jun 8, 2022

0.96.0

Jun 4, 2022

0.95.0

Jun 2, 2022

0.94.0

May 25, 2022

0.93.0

May 17, 2022

0.92.1

May 13, 2022

0.92.0

May 11, 2022

0.91.0

May 3, 2022

0.90.0

Apr 27, 2022

0.89.0

Apr 20, 2022

0.88.0

Apr 13, 2022

0.87.0

Apr 8, 2022

0.86.5

Mar 28, 2022

0.86.3

Mar 25, 2022

0.86.2

Mar 25, 2022

0.86.1

Mar 25, 2022

0.86.0

Mar 24, 2022

0.85.0

Mar 16, 2022

0.84.0

Mar 9, 2022

0.83.0

Feb 25, 2022

0.82.0

Feb 9, 2022

0.81.0

Feb 2, 2022

0.80.0

Jan 26, 2022

0.79.0

Jan 20, 2022

0.78.0

Jan 13, 2022

0.77.0

Dec 17, 2021

0.76.2

Dec 8, 2021

0.76.1

Dec 7, 2021

0.76.0

Dec 7, 2021

0.75.0

Nov 23, 2021

0.74.0

Nov 19, 2021

0.73.0

Nov 12, 2021

0.72.0

Nov 10, 2021

0.71.0

Nov 1, 2021

0.70.0

Oct 20, 2021

0.69.1

Oct 14, 2021

0.69.0

Oct 13, 2021

0.68.2

Oct 8, 2021

0.68.1

Oct 7, 2021

0.68.0

Oct 7, 2021

0.67.0

Sep 30, 2021

0.66.0

Sep 22, 2021

0.65.0

Sep 14, 2021

0.64.0

Sep 1, 2021

0.63.0

Aug 25, 2021

0.62.0

Aug 17, 2021

0.61.0

Aug 4, 2021

0.60.0

Jul 27, 2021

0.59.0

Jul 20, 2021

0.58.2

Jul 15, 2021

0.58.1

Jul 15, 2021

0.58.0

Jul 14, 2021

0.57.0

Jun 30, 2021

0.56.0

Jun 15, 2021

0.55.1

Jun 9, 2021

0.55.0

Jun 8, 2021

0.54.0

Jun 2, 2021

0.53.0

May 26, 2021

0.52.0

May 18, 2021

0.51.0

May 13, 2021

0.50.1

May 7, 2021

0.50.0

May 6, 2021

0.49.0

Apr 28, 2021

0.48.0

Apr 20, 2021

0.47.0

Apr 16, 2021

0.46.0

Apr 9, 2021

0.45.0

Mar 31, 2021

0.44.0

Mar 25, 2021

0.43.0

Mar 16, 2021

0.42.0

Mar 10, 2021

0.41.1

Feb 24, 2021

0.41.0

Feb 24, 2021

0.40.0

Feb 18, 2021

0.39.1

Jan 27, 2021

0.39.0

Jan 27, 2021

0.38.0

Jan 20, 2021

0.37.0

Jan 13, 2021

0.36.0

Jan 6, 2021

0.35.0

Dec 16, 2020

0.34.0

Dec 9, 2020

0.33.0

Dec 2, 2020

0.32.0

Nov 19, 2020

0.31.1

Nov 11, 2020

0.31.0

Nov 10, 2020

0.30.0

Nov 4, 2020

0.29.0

Oct 27, 2020

0.28.0

Oct 21, 2020

0.27.0

Oct 6, 2020

0.26.0

Sep 30, 2020

0.25.0

Sep 23, 2020

0.24.0

Sep 16, 2020

0.23.0

Sep 10, 2020

0.22.0

Sep 1, 2020

0.21.0

Aug 25, 2020

0.20.0

Aug 19, 2020

0.19.1

Aug 13, 2020

0.19.0

Aug 12, 2020

0.18.0

Aug 6, 2020

0.17.0

Jul 29, 2020

0.16.0

Jul 22, 2020

0.15.0

Jul 16, 2020

0.15.0b1 pre-release

Jul 15, 2020

0.14.0

Jul 8, 2020

0.13.0

Jul 1, 2020

0.12.0

Jun 24, 2020

0.11.0

Jun 17, 2020

0.11.0b1 pre-release

Jun 17, 2020

0.10.1

Jun 10, 2020

0.10.0

Jun 10, 2020

0.9.0

Jun 3, 2020

0.8.1

May 26, 2020

0.8.0

May 21, 2020

0.8.0b1 pre-release

May 20, 2020

0.6.0

May 6, 2020

0.0.0

Feb 17, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

semgrep-0.98.0.tar.gz (172.2 kB view details)

Uploaded Jun 15, 2022 Source

Built Distributions

semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl (24.0 MB view details)

Uploaded Jun 15, 2022 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9 macOS 11.0+ ARM64

semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl (20.9 MB view details)

Uploaded Jun 15, 2022 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9 macOS 10.14+ x86-64

semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl (24.1 MB view details)

Uploaded Jun 15, 2022 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9

File details

Details for the file semgrep-0.98.0.tar.gz.

File metadata

Download URL: semgrep-0.98.0.tar.gz
Upload date: Jun 15, 2022
Size: 172.2 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.9.13

File hashes

Hashes for semgrep-0.98.0.tar.gz
Algorithm	Hash digest
SHA256	`69adda816af99632554dda17d2697a0aa80e4ef6ef32204947c3077d22d5478f`
MD5	`ab5e29d5a6c71b46102e016b7b636c04`
BLAKE2b-256	`e635ecb19ff740c41bad0563ef68d914cac96bb94cbd643f436d7d99f71a90e3`

See more details on using hashes here.

File details

Details for the file semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl.

File metadata

Download URL: semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl
Upload date: Jun 15, 2022
Size: 24.0 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9, macOS 11.0+ ARM64
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.9.13

File hashes

Hashes for semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl
Algorithm	Hash digest
SHA256	`26082d1b2f4c0b8c56bac72cc6af92ec4a13e17764b7547cb43145d327bbd115`
MD5	`70e48e11496906ca2d5533dc3ecbd1a2`
BLAKE2b-256	`de5759a988fa059f9efe7b751a3f999a9a05bd3f6d8f1139c241c45d08c22178`

See more details on using hashes here.

File details

Details for the file semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl.

File metadata

Download URL: semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl
Upload date: Jun 15, 2022
Size: 20.9 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9, macOS 10.14+ x86-64
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.9.13

File hashes

Hashes for semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl
Algorithm	Hash digest
SHA256	`db646c9a2081643c197116716f7d781ea0db7d475698a41eb70168452d4724cf`
MD5	`20cfa4b66ce0859247472e1ee58b1ba5`
BLAKE2b-256	`8f64458d21347da6a08bf5aa3aeb9e4435e9d061288b6f1908c90e87cf11d7b0`

See more details on using hashes here.

File details

Details for the file semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl.

File metadata

Download URL: semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl
Upload date: Jun 15, 2022
Size: 24.1 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.9.13

File hashes

Hashes for semgrep-0.98.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl
Algorithm	Hash digest
SHA256	`c46dea0f4ee823f3472cef9e59a60ad6e5e5e8202353a0af1fedbf12533432d6`
MD5	`c86e20b821182330a20f87cfff285e11`
BLAKE2b-256	`7d9545aaa28776334a9312232c2eefc735af7c2d9283adcc1fa2d90e611473a4`