Static analysis at ludicrous speed
Find bugs and enforce code standards
Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Get started →.
Semgrep runs fully on your computer or build environment: your code is never sent anywhere.
Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Here's a quick rule for finding Python
print() statements, run it by clicking the [▸] button:
The Semgrep ecosystem includes:
- Semgrep - the open-source command line tool at the heart of everything
- Semgrep CI - a specialized Docker image for running Semgrep in CI environments
- Semgrep App - deploy, manage, and monitor Semgrep at scale with free and paid tiers
Semgrep supports 17+ languages.
|Python||Generic (ERB, Jinja, etc.)|
To determine alpha, beta, or general availability (GA) status we scan a wide corpus of projects and measure the parse rate of each language. For more details see the breakdown of all supported languages.
Semgrep is an evolution of pfff, which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool Coccinelle. r2c revitalized the project after its original author, Yoann Padioleau, joined the company.