Skip to main content

Supported source code managers

Semgrep supports the following source code managers (SCM) and plans to varying degrees. Please review the information for your specific SCM and plan to see what Semgrep features are available to you.

If any of the following conditions apply to you, you may need to add Semgrep's IP addresses to your ingress and egress allowlists, or you can use the Network Broker:

  • Your SCM offers security features that limit access to your resources
  • Your SCM is behind a firewall or protected by network restrictions regarding access
  • You are using a virtual private network (VPN)
PlanUnsupported Semgrep features
Azure DevOps Cloud
  • Query console
  • Auto PRs for Supply Chain findings
Azure DevOps Server
  • Semgrep Assistant
  • Semgrep Managed Scans
  • Pull request comments
  • Query console
  • Diff-aware scans
  • Sending findings to Semgrep AppSec Platform
  • Default branch identification
  • Auto PRs for Supply Chain findings
Bitbucket Cloud Free
  • Semgrep Assistant†
  • Semgrep Managed Scan†
  • Query console
  • Auto PRs for Supply Chain findings
Bitbucket Cloud Standard
  • Semgrep Assistant†
  • Semgrep Managed Scan†
  • Query console
  • Auto PRs for Supply Chain findings
Bitbucket Cloud Premium
  • Query console
  • Auto PRs for Supply Chain findings
Bitbucket Data Center
  • Semgrep Assistant
  • Query console
  • Diff-aware scans require Bitbucket Data Center version 8.8 or later.
  • Auto PRs for Supply Chain findings
GitHub Free-
GitHub Pro-
GitHub Team-
GitHub Enterprise Cloud-
GitHub Enterprise Server
  • Auto PRs for Supply Chain findings
GitLab Free
  • Semgrep Managed Scans*
  • Query console
  • Auto PRs for Supply Chain findings
GitLab Premium
  • Query console
  • Auto PRs for Supply Chain findings
GitLab Ultimate
  • Query console
  • Auto PRs for Supply Chain findings
GitLab Dedicated / Dedicated for Government
  • Query console
  • Auto PRs for Supply Chain findings
GitLab Self-Managed Free
  • Semgrep Managed Scans*
    Query console
  • Auto PRs for Supply Chain findings
GitLab Self-Managed Premium
  • Query console
  • Auto PRs for Supply Chain findings
GitLab Self-Managed Ultimate
  • Query console
  • Auto PRs for Supply Chain findings

Semgrep Assistant and Managed Scans require a workspace access token, which is only available to users with Bitbucket Cloud Premium.

*Semgrep Managed Scans requires access to group webhooks, which is unavailable to GitLab Free users.

Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.