Sign InProduct SupportContact Us

Works with Semgrep Pro Engine

Pro rules

Greatly reduce false positives while increasing scan coverage for critical vulnerability types. Bring findings directly to developers with confidence.

Start Scanning for FreeBook a Demo

pro+oss

Improved coverage and developer-oriented results

  • Semgrep Pro rules are written to minimize false positives so findings can be presented to developers in their workflows, avoiding lengthy triage sessions.

  • Pro rules provide high-confidence results by leveraging cross-file and cross-funtion dataflow analysis.

  • High confidence rules use features like taint tracking with sources, sinks, propagators, and sanitizers curated by our Security Research team.

commit a change

Rules for popular languages and frameworks:

Find injection vulnerabilities

More than 100 high-accuracy rules to find injection vulnerabilities in Java, PHP, JavaScript, Kotlin, Rust, and Swift.

Browse rules for detecting injection vulnerabilities
csharp-secrets-registry1

Discover malicious deserialization mechanisms

60+ rules supporting 14 Python libraries/frameworks and 3 commonly used Java libraries, both standalone or in combination with Java Servlets and the Spring Framework.

See rules for deserialization
deserialization-ruleset

Detect XXE vulnerabilities

Detect XML external entity issues with support for common Java libraries and classes, to identify the many different ways they can be insecurely configured and used.

Learn more about Java XML security
xxe-ruleset

Continuously monitored and updated

  • Rules are continuously updated by our Security Research team based on rule performance and user feedback.

  • Compared to Community rules, Pro rules provide better coverage for Java, JavaScript, TypeScript, Python, PHP, Ruby, C#, Swift, and Go.

  • Pro rule coverage for languages is continuously expanded by our Security Research team.

taint-rule

Customize and manage rules at scale

  • Rule syntax is intuitive and similar to source code so there's no need to learn new domain-specific languages to make tweaks.

  • Get a top-down view of fix and ignore rates to optimize rule policies and behaviors (monitor, comment, or blocking).

Learn about Semgrep Cloud Platform
code rule management

Learn more on the Semgrep blog

Read the blog
semgrep placeholder image
November 29, 20225 min read
Need for speed: static analysis version
Brandon Wu
Brandon Wu
semgrep placeholder image
November 03, 20225 min read
Powerfully autofixing code with Semgrep's new AST-based approach
Nat Mote
Nat Mote
semgrep placeholder image
February 07, 20223 min read
Keep your rules simple with symbolic propagation
Iago Abal
Iago Abal
semgrep placeholder image
October 13, 20227 min read
A deep dive into Semgrep Supply Chain
Kurt Boberg
Kurt Boberg
semgrep placeholder image
November 29, 20225 min read
Need for speed: static analysis version
Brandon Wu
Brandon Wu
semgrep placeholder image
November 03, 20225 min read
Powerfully autofixing code with Semgrep's new AST-based approach
Nat Mote
Nat Mote
semgrep placeholder image
February 07, 20223 min read
Keep your rules simple with symbolic propagation
Iago Abal
Iago Abal
semgrep placeholder image
October 13, 20227 min read
A deep dive into Semgrep Supply Chain
Kurt Boberg
Kurt Boberg
semgrep placeholder image
November 29, 20225 min read
Need for speed: static analysis version
Brandon Wu
Brandon Wu
semgrep placeholder image
November 03, 20225 min read
Powerfully autofixing code with Semgrep's new AST-based approach
Nat Mote
Nat Mote
semgrep placeholder image
February 07, 20223 min read
Keep your rules simple with symbolic propagation
Iago Abal
Iago Abal
semgrep placeholder image
October 13, 20227 min read
A deep dive into Semgrep Supply Chain
Kurt Boberg
Kurt Boberg

Fix the issues that matter with Pro rules + Pro Engine

Semgrep helps organizations shift left without the developer productivity tax

Book a demoLearn More about Pro Engineright-arrow-white.svg
Semgrep Logo

Make shift left work

4.5 Stars

Products

Semgrep Code
Semgrep Supply Chain
Semgrep Cloud Platform
Semgrep Pro Engine

Community

Blog

Resources

Docs
ROI Calculator
Pricing
Getting Started With Semgrep
Registry
Playground
Book a demo
Help Center

Company

About
Careers
Contact us
Twitter-logo-greenSlack-logo-greenGitHub-logo-greenYoutube-logo-green

© 2024 Semgrep, Inc. Semgrep is a registered trademark of Semgrep, Inc.

TermsPrivacy