Semgrep Managed Scans (SMS) helps teams adopt SAST, SCA, and secret detection tools across their entire organization without complex infrastructure investment or configuration. This transforms how quickly an enterprise can deploy or modify a code scanning tool: hours and days, not months and years.
Unlike traditional deployment models that require managing config files and CI/CD integrations, SMS securely runs your scans on Semgrep's cloud infrastructure; we scan, process, and return your findings all automatically, leaving you with a hands-free experience. This approach has proven popular with over 40% of Semgrep customers now using SMS, processing over 1 million scans weekly with comprehensive coverage across Semgrep Code, Semgrep Supply Chain, and Semgrep Secrets, all without the operational burden or noise that makes tools like GitHub Advanced Security complex to scale and manage.
Enterprise-scale performance built from customer advice
During our beta program, we worked closely with companies ranging from fast-growing scale-ups to Fortune 500 enterprises. Their feedback directly shaped how we built SMS for production-ready scale, and three areas in particular received extra attention:
"Can SMS handle our massive monorepo?"
A major work-management platform challenged us with their multi-million line codebase where traditional CI-based scanning often timed out. Through iterative optimization, we engineered infrastructure that scales automatically to meet demand, diff scanning that focuses on PR changes, and a process for our team to provision larger runners for exceptionally large repositories to ensure reliable performance even on multi-million line codebases. These optimizations combine to reliably scan millions of lines of code in a fraction of the time.
"What about scanning thousands of code repositories simultaneously?"
A multinational technology company with over 10,000 repositories came to us, weary of the operational nightmare around pipeline conflicts and resource contention at CI/CD scale. They needed a way to manage their security workflow across these repos without needing to micromanage every single pipeline. Our response: enterprise-scale orchestration that queues and prioritizes scans, load balances across our cloud infrastructure, and auto-discovers new repositories in the Semgrep Dashboard so growing organizations avoid gaps in coverage.
"Speed matters… how do you make sure developers aren’t waiting on slow scans?"
A leading e-commerce platform made it clear that scan speed determines developer adoption: if scans were slow, PRs would be blocked, which in turn would hurt developer velocity. We optimized for developer experience first, achieving sub-5-minute diff scans through parallel processing and smart caching that avoids redundant code parsing.
These real-world challenges fundamentally shaped SMS architecture around three design principles: reliability, performance, and scale. The companies that pushed us hardest during beta are now some of our most successful SMS adopters, and moving to GA means these battle-tested capabilities are available to every team.
Looking to understand what you can save with SMS?
Calculating the savings of switching to SMS can be a bit of a puzzle. To help illustrate how SMS can save you real dollars, we've shown two formulas for estimating ROI:
Initial setup savings ($)
Setup_Saved($) = (Config_ci_setup_min * Repo_Count) * LaborCost_per_min
Monthly compute savings ($/month)
Compute_Saved($/month) = (Compute_ci_per_min * Avg_scanTime_ci_min) * ((Avg_PRs_per_repo_per_month * Repo_Count) + Scheduled_Scans_per_month)
For example, let's evaluate a mid-size organization with 250 repos to estimate what savings would look like using SMS:
Initial Setup Savings ($)
15 minutes to configure CI/CD per repo × 250 repos × $1.67/minute ($100 an hour per engineer) = $6,262.50 one-time savings
Monthly Compute Savings ($/month)
Total monthly scans: (20 PRs + 4 scheduled) × 250 repos = 6,000 scans
Compute cost: 6,000 scans × 5 minutes (mean time to scan) × $0.05/minute (compute cost per minute) = $1,500 per month
Total First-Year Savings: ~$26,262.50
Ongoing Annual Savings: $18,000.00
This example shows how a mid-size organization can achieve substantial ROI from SMS, with savings that only increase as your codebase grows.
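To make the two formulas above easy to apply to your own organization, here is a small calculator written for this page; it is an added example, not Semgrep's own tool. It implements the page's Setup_Saved and Compute_Saved formulas with the same variable names, reproduces the 250-repo figures for setup and monthly compute, and derives ongoing annual savings as twelve months of compute and first-year savings as setup plus twelve months of compute. The scheduled-scan term follows the formula, where Scheduled_Scans_per_month is an organization-wide count, so the example's 4 scheduled scans per repo are passed as 4 × 250 = 1,000.

```python
# Added ROI calculator implementing the two savings formulas from the post.
# Variable names mirror the page's formulas; the 250-repo scenario is the
# page's own worked example, re-entered here as input.

def setup_saved(config_ci_setup_min: float, repo_count: int,
                labor_cost_per_min: float) -> float:
    """Setup_Saved($) = (Config_ci_setup_min * Repo_Count) * LaborCost_per_min"""
    return (config_ci_setup_min * repo_count) * labor_cost_per_min


def total_monthly_scans(avg_prs_per_repo_per_month: float, repo_count: int,
                        scheduled_scans_per_month: float) -> float:
    """PR-triggered scans across all repos plus organization-wide scheduled scans."""
    return (avg_prs_per_repo_per_month * repo_count) + scheduled_scans_per_month


def compute_saved(compute_ci_per_min: float, avg_scan_time_ci_min: float,
                  avg_prs_per_repo_per_month: float, repo_count: int,
                  scheduled_scans_per_month: float) -> float:
    """Compute_Saved($/month) = (Compute_ci_per_min * Avg_scanTime_ci_min)
                               * ((Avg_PRs_per_repo_per_month * Repo_Count)
                                  + Scheduled_Scans_per_month)"""
    scans = total_monthly_scans(avg_prs_per_repo_per_month, repo_count,
                                scheduled_scans_per_month)
    return (compute_ci_per_min * avg_scan_time_ci_min) * scans


def roi_summary(config_ci_setup_min: float, repo_count: int,
                labor_cost_per_min: float, compute_ci_per_min: float,
                avg_scan_time_ci_min: float, avg_prs_per_repo_per_month: float,
                scheduled_scans_per_month: float) -> dict:
    """Combine both formulas into one-time, monthly, annual and first-year totals.
    First-year savings are computed as setup savings plus twelve months of
    compute savings; all values are rounded to cents."""
    setup = setup_saved(config_ci_setup_min, repo_count, labor_cost_per_min)
    monthly = compute_saved(compute_ci_per_min, avg_scan_time_ci_min,
                            avg_prs_per_repo_per_month, repo_count,
                            scheduled_scans_per_month)
    return {
        "setup_saved": round(setup, 2),
        "monthly_compute_saved": round(monthly, 2),
        "ongoing_annual_saved": round(12 * monthly, 2),
        "first_year_saved": round(setup + 12 * monthly, 2),
    }


def growth_projection(repo_counts, **params) -> list:
    """Ongoing annual savings for a series of repo counts, holding the other
    inputs fixed, to show how savings scale with the number of repositories.
    Scheduled scans are given per repo here and expanded organization-wide."""
    per_repo_scheduled = params.pop("scheduled_scans_per_repo_per_month")
    return [
        roi_summary(repo_count=n,
                    scheduled_scans_per_month=per_repo_scheduled * n,
                    **params)["ongoing_annual_saved"]
        for n in repo_counts
    ]


if __name__ == "__main__":
    # The page's mid-size scenario: 15 min setup per repo, 250 repos,
    # $1.67/min labor, $0.05/min compute, 5-minute scans, 20 PRs/repo/month,
    # 4 scheduled scans per repo per month (passed as 4 * 250 = 1000).
    print(roi_summary(config_ci_setup_min=15, repo_count=250,
                      labor_cost_per_min=1.67, compute_ci_per_min=0.05,
                      avg_scan_time_ci_min=5, avg_prs_per_repo_per_month=20,
                      scheduled_scans_per_month=4 * 250))
    print(growth_projection([250, 500, 1000], config_ci_setup_min=15,
                            labor_cost_per_min=1.67, compute_ci_per_min=0.05,
                            avg_scan_time_ci_min=5, avg_prs_per_repo_per_month=20,
                            scheduled_scans_per_repo_per_month=4))
```

The per-minute labor rate is taken as an input rather than derived from an hourly rate, because the page's example uses the rounded $1.67/minute figure; pass your own value if you prefer an exact hourly conversion.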
If you need a hand with the calculations above, or want to chat about how we can put together a more comprehensive calculation that factors in growing code bases and CI/CD maintenance, feel free to reach out to our accounts team here.
Immediate ROI with Advanced AI Capabilities
SMS delivers substantial savings by eliminating operational overhead while combining zero infrastructure management with advanced noise reduction. Semgrep's SCA reachability analysis filters out supply chain findings whose vulnerable code is unreachable, Semgrep Assistant achieves 96% agreement with security researchers and delivers step-by-step remediation in PR comments, and AI-powered memories learn from triage decisions to automatically filter false positives. Success stories like Glasswall's dramatic reduction in false positives demonstrate measurable ROI from day one: zero setup time, zero infrastructure costs, maximum signal.
Key technical capabilities:
One-click deployment - start scanning in minutes, not days
Enterprise-scale monorepo support - scan millions of lines across polyglot tech stacks
30+ programming languages - comprehensive coverage with a single tool
AI-powered remediation - step-by-step fixes delivered directly in PR comments
Configurable PR blocking - prevents vulnerabilities without breaking developer workflows
Weekly full scans + rapid PR diff scans (typically under 5 minutes)
Want to try out SMS?
For a quick overview of getting started with the platform and SMS deployment, check out this 3-minute getting started video: