semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

These details have been verified by PyPI

Maintainers

brendongo r2c r2c-drewdennison underyx

These details have not been verified by PyPI

Project links

Homepage

Project description

Code scanning at ludicrous speed.

Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded. Get started →.

Language support

Semgrep supports 30+ languages.

Category	Languages
GA	C# · Go · Java · JavaScript · JSX · JSON · PHP · Python · Ruby · Scala · Terraform · TypeScript · TSX
Beta	Kotlin · Rust
Experimental	Bash · C · C++ · Clojure · Dart · Dockerfile · Elixir · HTML · Jsonnet · Lisp · Lua · OCaml · R · Scheme · Solidity · Swift · YAML · XML · Generic (ERB, Jinja, etc.)

For beginners, we recommend starting with the Semgrep Cloud Platform because it provides a visual interface, a demo project, result triaging and exploration workflows, and makes setup in CI/CD fast. Scans are still local and code isn't uploaded. Alternatively, you can also start with the CLI without logging in and navigate the terminal output to run one-off searches.

Option 1: Getting started from the CLI

Install Semgrep CLI

# For macOS
$ brew install semgrep

# For Ubuntu/WSL/Linux/macOS
$ python3 -m pip install semgrep

# To try Semgrep without installation run via Docker
$ docker run --rm -v "${PWD}:/src" returntocorp/semgrep semgrep

Go to your app's root directory and run semgrep scan --config auto. This will scan your project with the default settings.
[Optional, but recommended] Run semgrep login to get the login URL for the Semgrep Cloud Platform. Open the login URL in the browser and login.

Option 2: Getting started from the Semgrep Cloud Platform (Recommended)

Register to semgrep.dev
Explore the demo app
Scan your project by navigating to Projects > Scan New Project > Run scan in CI
Select your version control system and follow the wizard to add your project. After this setup, Semgrep will scan your project after every pull request.
[Optional but recommended] If you want to run Semgrep locally, follow the steps in the CLI section.

Notes:

Visit Docs > Running rules to learn more about auto config and other rules.
If there are any issues, please ask in the Smegrep Slack group https://go.semgrep.dev/slack
To run Semgrep Supply Chain, contact the Semgrep team. Visit the full documentation to learn more.

Semgrep Ecosystem

The Semgrep ecosystem includes the following products:

Semgrep OSS Engine - The open-source engine at the heart of everything (this project).
Semgrep Cloud Platform (SCP) - Deploy, manage, and monitor SAST and SCA at scale using Semgrep, with free and paid tiers. Integrates with continuous integration (CI) providers such as GitHub, GitLab, CircleCI, and more.
Semgrep Code - Scan your code with Semgrep's Pro rules and Semgrep Pro Engine to find OWASP Top 10 vulnerabilities and protect against critical security risks specific to your organization. Semgrep Code provides both Community (free) and Team (paid) tiers.
Semgrep Supply Chain (SSC) - A high-signal dependency scanner that detects reachable vulnerabilities in open source third-party libraries and functions across the software development life cycle (SDLC). Semgrep Supply Chain is available on Team (paid) tiers.

and:

Semgrep Playground - An online interactive tool for writing and sharing rules.
Semgrep Registry - 2,000+ community-driven rules covering security, correctness, and dependency vulnerabilities.

Join hundreds of thousands of other developers and security engineers already using Semgrep at companies like GitLab, Dropbox, Slack, Figma, Shopify, HashiCorp, Snowflake, and Trail of Bits.

Semgrep is developed and commercially supported by Semgrep, Inc., a software security company.

Semgrep Rules

Semgrep rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs. Here's a quick rule for finding Python print() statements.

Run it online in Semgrep’s Playground by clicking here.

Examples

Visit Docs > Rule examples for use cases and ideas.

Use case	Semgrep rule
Ban dangerous APIs	Prevent use of exec
Search routes and authentication	Extract Spring routes
Enforce the use secure defaults	Securely set Flask cookies
Tainted data flowing into sinks	ExpressJS dataflow into sandbox.run
Enforce project best-practices	Use assertEqual for == checks, Always check subprocess calls
Codify project-specific knowledge	Verify transactions before making them
Audit security hotspots	Finding XSS in Apache Airflow, Hardcoded credentials
Audit configuration files	Find S3 ARN uses
Migrate from deprecated APIs	DES is deprecated, Deprecated Flask APIs, Deprecated Bokeh APIs
Apply automatic fixes	Use listenAndServeTLS

Extensions

Visit Docs > Extensions to learn about using Semgrep in your editor or pre-commit. When integrated into CI and configured to scan pull requests, Semgrep will only report issues introduced by that pull request; this lets you start using Semgrep without fixing or ignoring pre-existing issues!

Documentation

Browse the full Semgrep documentation on the website. If you’re new to Semgrep, check out Docs > Getting started or the interactive tutorial.

Metrics

Using remote configuration from the Registry (like --config=p/ci) reports pseudonymous rule metrics to semgrep.dev.

Using configs from local files (like --config=xyz.yml) does not enable metrics.

To disable Registry rule metrics, use --metrics=off.

The Semgrep privacy policy describes the principles that guide data-collection decisions and the breakdown of the data that are and are not collected when the metrics are enabled.

Upgrading

To upgrade, run the command below associated with how you installed Semgrep:

# Using Homebrew
$ brew upgrade semgrep

# Using pip
$ python3 -m pip install --upgrade semgrep

# Using Docker
$ docker pull returntocorp/semgrep:latest

Project details

These details have been verified by PyPI

Maintainers

brendongo r2c r2c-drewdennison underyx

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

1.97.0

Nov 20, 2024

1.96.0

Nov 7, 2024

1.95.0

Oct 31, 2024

1.94.0

Oct 31, 2024

1.93.0

Oct 23, 2024

1.92.0

Oct 17, 2024

1.91.0

Oct 11, 2024

1.90.0

Sep 26, 2024

1.89.0

Sep 20, 2024

1.88.0

Sep 19, 2024

1.87.0

Sep 13, 2024

1.86.0

Sep 4, 2024

1.85.0

Aug 15, 2024

1.84.1

Aug 7, 2024

1.84.0

Aug 6, 2024

1.83.0

Aug 2, 2024

1.82.0

Jul 30, 2024

1.81.0

Jul 24, 2024

1.80.0

Jul 18, 2024

1.79.0

Jul 10, 2024

1.78.0

Jun 27, 2024

1.77.0

Jun 24, 2024

1.76.0

Jun 17, 2024

1.75.0

Jun 3, 2024

1.74.0

May 23, 2024

1.73.0

May 16, 2024

1.72.0

May 8, 2024

1.71.0

May 3, 2024

1.70.0

Apr 24, 2024

1.69.0

Apr 16, 2024

1.68.0

Apr 9, 2024

1.67.0

Mar 28, 2024

1.66.2

Mar 26, 2024

1.66.1

Mar 25, 2024

1.66.0

Mar 19, 2024

1.65.0

Mar 11, 2024

1.64.0

Mar 7, 2024

1.63.0

Feb 27, 2024

1.62.0

Feb 22, 2024

1.61.1

Feb 14, 2024

1.61.0

Feb 13, 2024

1.60.1

Feb 9, 2024

1.60.0

Feb 8, 2024

1.59.1

Feb 2, 2024

1.59.0

Jan 30, 2024

1.58.0

Jan 23, 2024

1.57.0

Jan 18, 2024

1.56.0

Jan 10, 2024

1.55.2

Jan 5, 2024

1.55.1

Jan 4, 2024

1.55.0

Jan 2, 2024

1.54.3

Dec 22, 2023

1.54.2

Dec 21, 2023

1.54.1

Dec 20, 2023

1.54.0

Dec 20, 2023

1.53.0

Dec 12, 2023

1.52.0

Dec 5, 2023

1.51.0

Nov 29, 2023

1.50.0

Nov 17, 2023

1.49.0

Nov 15, 2023

1.48.0

Nov 6, 2023

1.46.0

Oct 24, 2023

1.45.0

Oct 18, 2023

1.44.0

Oct 11, 2023

1.43.0

Oct 3, 2023

1.42.0

Sep 29, 2023

1.41.0

Sep 19, 2023

1.40.0

Sep 14, 2023

1.39.0

Sep 7, 2023

1.38.3

Sep 2, 2023

1.38.2

Sep 1, 2023

1.38.1

Sep 1, 2023

1.38.0

Aug 31, 2023

1.37.0

Aug 25, 2023

1.36.0

Aug 14, 2023

1.35.0

Aug 9, 2023

1.34.1

Jul 29, 2023

1.34.0

Jul 27, 2023

1.33.2

Jul 21, 2023

1.33.1

Jul 21, 2023

1.32.0

Jul 13, 2023

1.31.2

Jul 7, 2023

1.31.1

Jul 7, 2023

1.31.0

Jul 7, 2023

1.30.0

Jun 28, 2023

1.29.0

Jun 26, 2023

1.28.0

Jun 21, 2023

1.27.0

Jun 13, 2023

1.26.0

Jun 9, 2023

1.25.0

Jun 6, 2023

1.24.1

Jun 1, 2023

1.24.0

May 31, 2023

1.23.0

May 24, 2023

1.22.0

May 16, 2023

This version

1.21.0

May 4, 2023

1.20.0

Apr 28, 2023

1.19.0

Apr 21, 2023

1.18.0

Apr 14, 2023

1.17.1

Apr 5, 2023

1.17.0

Apr 5, 2023

1.16.0

Mar 31, 2023

1.15.0

Mar 15, 2023

1.14.0

Mar 1, 2023

1.13.0

Feb 24, 2023

1.12.1

Feb 17, 2023

1.12.0

Feb 14, 2023

1.11.0

Feb 10, 2023

1.10.0

Feb 9, 2023

1.9.0

Feb 2, 2023

1.8.0

Feb 1, 2023

1.7.0

Feb 1, 2023

1.6.0

Jan 27, 2023

1.5.1

Jan 20, 2023

1.3.0

Jan 6, 2023

1.2.1

Dec 16, 2022

1.2.0

Dec 15, 2022

1.1.0

Dec 5, 2022

1.0.0

Dec 1, 2022

0.123.0

Nov 29, 2022

0.122.0

Nov 16, 2022

0.121.2

Nov 10, 2022

0.121.1

Nov 8, 2022

0.121.0

Nov 7, 2022

0.120.0

Nov 2, 2022

0.118.0

Oct 19, 2022

0.117.0

Oct 12, 2022

0.116.0

Oct 6, 2022

0.115.0

Sep 27, 2022

0.114.0

Sep 19, 2022

0.113.0

Sep 15, 2022

0.112.1

Sep 8, 2022

0.112.0

Sep 7, 2022

0.111.1

Aug 23, 2022

0.111.0

Aug 22, 2022

0.110.0

Aug 15, 2022

0.109.0

Aug 11, 2022

0.108.0

Aug 4, 2022

0.107.0

Jul 29, 2022

0.106.0

Jul 21, 2022

0.105.0

Jul 20, 2022

0.104.0

Jul 13, 2022

0.103.0

Jul 5, 2022

0.102.0

Jun 30, 2022

0.101.1

Jun 28, 2022

0.101.0

Jun 27, 2022

0.100.0

Jun 22, 2022

0.98.0

Jun 15, 2022

0.97.0

Jun 8, 2022

0.96.0

Jun 4, 2022

0.95.0

Jun 2, 2022

0.94.0

May 25, 2022

0.93.0

May 17, 2022

0.92.1

May 13, 2022

0.92.0

May 11, 2022

0.91.0

May 3, 2022

0.90.0

Apr 27, 2022

0.89.0

Apr 20, 2022

0.88.0

Apr 13, 2022

0.87.0

Apr 8, 2022

0.86.5

Mar 28, 2022

0.86.3

Mar 25, 2022

0.86.2

Mar 25, 2022

0.86.1

Mar 25, 2022

0.86.0

Mar 24, 2022

0.85.0

Mar 16, 2022

0.84.0

Mar 9, 2022

0.83.0

Feb 25, 2022

0.82.0

Feb 9, 2022

0.81.0

Feb 2, 2022

0.80.0

Jan 26, 2022

0.79.0

Jan 20, 2022

0.78.0

Jan 13, 2022

0.77.0

Dec 17, 2021

0.76.2

Dec 8, 2021

0.76.1

Dec 7, 2021

0.76.0

Dec 7, 2021

0.75.0

Nov 23, 2021

0.74.0

Nov 19, 2021

0.73.0

Nov 12, 2021

0.72.0

Nov 10, 2021

0.71.0

Nov 1, 2021

0.70.0

Oct 20, 2021

0.69.1

Oct 14, 2021

0.69.0

Oct 13, 2021

0.68.2

Oct 8, 2021

0.68.1

Oct 7, 2021

0.68.0

Oct 7, 2021

0.67.0

Sep 30, 2021

0.66.0

Sep 22, 2021

0.65.0

Sep 14, 2021

0.64.0

Sep 1, 2021

0.63.0

Aug 25, 2021

0.62.0

Aug 17, 2021

0.61.0

Aug 4, 2021

0.60.0

Jul 27, 2021

0.59.0

Jul 20, 2021

0.58.2

Jul 15, 2021

0.58.1

Jul 15, 2021

0.58.0

Jul 14, 2021

0.57.0

Jun 30, 2021

0.56.0

Jun 15, 2021

0.55.1

Jun 9, 2021

0.55.0

Jun 8, 2021

0.54.0

Jun 2, 2021

0.53.0

May 26, 2021

0.52.0

May 18, 2021

0.51.0

May 13, 2021

0.50.1

May 7, 2021

0.50.0

May 6, 2021

0.49.0

Apr 28, 2021

0.48.0

Apr 20, 2021

0.47.0

Apr 16, 2021

0.46.0

Apr 9, 2021

0.45.0

Mar 31, 2021

0.44.0

Mar 25, 2021

0.43.0

Mar 16, 2021

0.42.0

Mar 10, 2021

0.41.1

Feb 24, 2021

0.41.0

Feb 24, 2021

0.40.0

Feb 18, 2021

0.39.1

Jan 27, 2021

0.39.0

Jan 27, 2021

0.38.0

Jan 20, 2021

0.37.0

Jan 13, 2021

0.36.0

Jan 6, 2021

0.35.0

Dec 16, 2020

0.34.0

Dec 9, 2020

0.33.0

Dec 2, 2020

0.32.0

Nov 19, 2020

0.31.1

Nov 11, 2020

0.31.0

Nov 10, 2020

0.30.0

Nov 4, 2020

0.29.0

Oct 27, 2020

0.28.0

Oct 21, 2020

0.27.0

Oct 6, 2020

0.26.0

Sep 30, 2020

0.25.0

Sep 23, 2020

0.24.0

Sep 16, 2020

0.23.0

Sep 10, 2020

0.22.0

Sep 1, 2020

0.21.0

Aug 25, 2020

0.20.0

Aug 19, 2020

0.19.1

Aug 13, 2020

0.19.0

Aug 12, 2020

0.18.0

Aug 6, 2020

0.17.0

Jul 29, 2020

0.16.0

Jul 22, 2020

0.15.0

Jul 16, 2020

0.15.0b1 pre-release

Jul 15, 2020

0.14.0

Jul 8, 2020

0.13.0

Jul 1, 2020

0.12.0

Jun 24, 2020

0.11.0

Jun 17, 2020

0.11.0b1 pre-release

Jun 17, 2020

0.10.1

Jun 10, 2020

0.10.0

Jun 10, 2020

0.9.0

Jun 3, 2020

0.8.1

May 26, 2020

0.8.0

May 21, 2020

0.8.0b1 pre-release

May 20, 2020

0.6.0

May 6, 2020

0.0.0

Feb 17, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

semgrep-1.21.0.tar.gz (276.9 kB view details)

Uploaded May 4, 2023 Source

Built Distributions

semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl (26.3 MB view details)

Uploaded May 4, 2023 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9 macOS 11.0+ ARM64

semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl (22.8 MB view details)

Uploaded May 4, 2023 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9 macOS 10.14+ x86-64

semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl (26.3 MB view details)

Uploaded May 4, 2023 CPython 3.7 CPython 3.8 CPython 3.9 Python 3.7 Python 3.8 Python 3.9

File details

Details for the file semgrep-1.21.0.tar.gz.

File metadata

Download URL: semgrep-1.21.0.tar.gz
Upload date: May 4, 2023
Size: 276.9 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for semgrep-1.21.0.tar.gz
Algorithm	Hash digest
SHA256	`c01caff2b888848c98dd1af78ed011cffcb6ffc04552244cb90f8596bb6f0aac`
MD5	`04ccb1fd485c92f18e5a2661f2f64083`
BLAKE2b-256	`6360aad4a729e77e0d4f4f0e6c24bde73fff790933e875d4eb40329f2ae0f23c`

See more details on using hashes here.

File details

Details for the file semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl.

File metadata

Download URL: semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl
Upload date: May 4, 2023
Size: 26.3 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9, macOS 11.0+ ARM64
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl
Algorithm	Hash digest
SHA256	`7e6f604fdc60364655498c5f11222dafdb1c24e610435ddda63c9e18f6ba6196`
MD5	`cb367ab7d0cfc93ecc314bf195a83128`
BLAKE2b-256	`e88e1043b8a04665d584b68311d9a64efb66c042b304b37cd8b3252d374ee752`

See more details on using hashes here.

File details

Details for the file semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl.

File metadata

Download URL: semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl
Upload date: May 4, 2023
Size: 22.8 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9, macOS 10.14+ x86-64
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl
Algorithm	Hash digest
SHA256	`42f77d4cc0cf9159fdd8383a24e50cfed2d9d8fff959592ace3579fbd0e67c6d`
MD5	`e97f664b71dc4d8f92c8fb5e58680e75`
BLAKE2b-256	`550b25849b5d7ef364239eaeb3beba1019007bfb6f076b83e89c87a41bb70fcd`

See more details on using hashes here.

File details

Details for the file semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl.

File metadata

Download URL: semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl
Upload date: May 4, 2023
Size: 26.3 MB
Tags: CPython 3.7, CPython 3.8, CPython 3.9, Python 3.7, Python 3.8, Python 3.9
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for semgrep-1.21.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl
Algorithm	Hash digest
SHA256	`01b543856062cef221d7a8c133a7e791dcc32ff94e60d95a1477fef08392f081`
MD5	`99cb8d86dbb7e3182f9205838cf87754`
BLAKE2b-256	`56566e4c142a84f7c85dd8d6cd75608519b6dedda279e5926060496bc5a2b1a3`