Extensions

Several third-party tools include Semgrep extensions.

Editor

• IntelliJ IDEA: semgrep-idea-plugin
• Microsoft Visual Studio Code: semgrep-vscode
• Vim: semgrep.vim

Pre-commit

The pre-commit framework can run semgrep at commit-time. Install pre-commit and add the following to .pre-commit-config.yaml

repos:
- repo: https://github.com/returntocorp/semgrep
  rev: 'v1.15.0'
  hooks:
    - id: semgrep
      # See semgrep.dev/rulesets to select a ruleset and copy its URL
      args: ['--config', '<SEMGREP_RULESET_URL>', '--error', '--skip-unknown-extensions']

Version management

• asdf: ASDF Semgrep

Semgrep as an engine

Many other tools have functionality powered by Semgrep. Add yours with a pull request!

• DefectDojo
• Dracon
• GitLab SAST
• GuardDog
• libsast
• mobsfscan
• nodejsscan
• SALUS
• ScanMyCode CE (Community Edition)
• SecObserve

---

Find what you needed in this doc? Join the Semgrep Community Slack group to ask the maintainers and the community if you need help.