TL;DR: Please take a minute to complete this survey by Nov. 15th, and help us decide on a new name for Semgrep OSS!
Hello Semgrep Community,
Over the years, Semgrep has grown from an open-source code scanning tool into a full-featured AppSec Platform, with products like Code, Supply Chain, Secrets, and Assistant. Our company has grown to over 150 full-time Semgreppers, and the original open-source engine now runs millions of scans each month. We're elated by how much has changed, all thanks to your support!
As we've grown, we've encountered confusion regarding the differences between Semgrep OSS, our commercial products, and what some competitors offer. Feedback from community members, customers, and partners is that the name "Semgrep OSS" doesn't clearly communicate the limitations of the project.
We’re concerned that the use of "Semgrep" branding in other vendors’ products may misrepresent the level of security they actually offer, especially when their products wrap Semgrep OSS, and not our comprehensive commercial offering. Worse, this lack of clarity means some community members don't realize they are paying another vendor for our OSS code scanner, which we provide for free. We feel this negatively impacts both the community and us.
To address this, we are taking three steps:
Renaming Semgrep OSS: We're changing the name to clarify what Semgrep OSS is—and what it’s not. Its license will remain the same; we’re simply focused on finding a more descriptive name.
We need your input! Please take a minute to complete this survey and help us decide. You’ll be entered to win a pair of AirPods Max as a thank-you for your time.
Working with Vendors: We are beginning to contact vendors who wrap Semgrep OSS and/or use the Semgrep brand within their products to ensure accurate representation.
Launching a Verified Partners Program: Early next year, we’ll roll out a program to support and promote partners who transparently use Semgrep OSS and/or have commercial agreements with us. Our goal is to ensure that both the open-source project and commercial products are used in alignment with their founding principles.
Ideas and feedback welcomed. Thank you for helping us strike the right balance between growing a commercial business and supporting a thriving community. Our goal is to build an enduring company with you, the community. We’re in it for the long run, because it’s going to take a long time to “profoundly improve software security and reliability”. Let’s do it, together.
- Luke & your friends at Semgrep