Help us rename Semgrep OSS!

We're exploring new names for Semgrep OSS and we want the community's input - please fill out the linked survey by November 15th, and read on for context/motivation. As a token of appreciation, those that fill out the survey will be entered to win a pair of AirPods Max!

Luke O'Malley
November 1st, 2024
Share

TL;DR: Please take a minute to complete this survey by Nov. 15th, and help us decide on a new name for Semgrep OSS!

Hello Semgrep Community,

Over the years, Semgrep has grown from an open-source code scanning tool into a full-featured AppSec Platform, with products like Code, Supply Chain, Secrets, and Assistant. Our company has grown to over 150 full time Semgreppers, and the original open-source engine now runs millions of scans each month. We're elated by how much has changed, all thanks to your support!

As we've grown, we've encountered confusion regarding the differences between Semgrep OSS, our commercial products, and what some competitors offer. Feedback from community members, customers, and partners is that the name "Semgrep OSS" doesn't clearly communicate the limitations of the project.

We’re concerned that the use of "Semgrep" branding in other vendors’ products may misrepresent the level of security they actually offer, especially when their products wrap Semgrep OSS, and not our comprehensive commercial offering. Worse, this lack of clarity means some community members don't realize they are paying another vendor for our OSS code scanner, which we provide for free. We feel this negatively impacts both the community and us.

To address this, we are taking three steps:

  1. Renaming Semgrep OSS: We're changing the name to clarify what Semgrep OSS is—and what it’s not. Its license will remain the same; we’re simply focused on finding a more descriptive name.

    We need your input! Please take a minute to complete this survey and help us decide. You’ll be entered to win a pair of AirPods Max as a thank-you for your time.

  2. Working with Vendors: We are beginning to contact vendors who wrap Semgrep OSS and/or use the Semgrep brand within their products to ensure accurate representation. 

  3. Launching a Verified Partners Program: Early next year, we’ll roll out a program to support and promote partners who transparently use Semgrep OSS and/or have commercial agreements with us. Our goal is to ensure that both the open-source project and commercial products are used in alignment with their founding principles.

Ideas and feedback welcomed. Thank you for helping us strike the right balance between growing a commercial business and supporting a thriving community. Our goal is to build an enduring company with you, the community. We’re in it for the long run, because it’s going to take a long time to “profoundly improve software security and reliability”. Let’s do it, together.

- Luke & your friends at Semgrep

About

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Featured posts from the Semgrep blog, written by our engineering team

July 31, 2024
AppSec guides, not gates: Introducing secure guardrails with Semgrep
Isaac Evans
May 21, 2024
Rapidly deploy code scans across your organization with Semgrep managed scanning
Pablo Estrada
May 16, 2024
Overrated and underperforming: transitive reachability analysis
Kyle Kelly

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.
Get started in minutes Book a demo