Announcing Semgrep's experimental support of Swift

Try your hand at writing Semgrep rules for Swift

Nat Mote
Nat Mote
September 06, 2022
swift support

One of Semgrep’s design principles is to make static analysis possible for every programming language. As we continue to add support for languages, we’re pleased to announce that Swift has now reached experimental status in Semgrep! Semgrep’s parse rate for Swift is at 94%, well above the 90% bar for experimental status, and the basic Semgrep features (... and metavariables) work correctly.

In large part, this is thanks to Alex Pinkus’ excellent work on the Swift Tree-sitter grammar. We use this to parse Swift code before converting it to our generic AST which we can then analyze. If we had been starting from scratch, it would have been much more difficult to reach this point!

Currently, there are no Swift rules in the registry but see below for an example of something that Semgrep can now scan for.

Until Swift rules are added to the registry, you must write custom rules to get findings. However, setting the following up now will position you to get findings as soon as new rules are published.

To scan your Swift code:

  • Using Semgrep App, add a GitHub or GitLab project and have Semgrep scan your codebase every time a PR or MR is created!

  • On the command line, upgrade to Semgrep v0.111.0 or higher (often using brew upgrade semgrep or pip install --upgrade semgrep) and scan your Swift code with semgrep --config=auto .

If you want to contribute Swift rules or file bugs, please check out the documentation.

If you have any questions, feel free to reach out to us in the community Slack. We're happy to answer any questions you might have.


Semgrep Logo

Semgrep is a fast, open-source, static analysis tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.

Learn more with Semgrep’s blog

semgrep 1.0 blog postAnnouncement

December 01, 20223 min read

Releasing Semgrep 1.0
Yoann PadioleauYoann Padioleau

January 17, 20239 min read

XML Security in Java
Pieter De CremerPieter De Cremer
Introducing Semgrep Supply ChainBest practices

October 13, 20228 min read

A deep dive into Semgrep Supply Chain
Kurt BobergKurt Boberg

Code scanning at ludicrous speed

Find bugs and enforce code standards