
    Licensing

    The following is a list of products offered by Semgrep, Inc., along with their license information.

    Semgrep OSS Engine
    Semgrep OSS Engine is an open source project licensed under LGPL 2.1. The proprietary extension of Semgrep OSS Engine is Semgrep Code; see also the Terms of Service.
    Semgrep Code, Semgrep AppSec Platform, Semgrep Pro Engine, and Semgrep Pro rules
    Proprietary. See Terms of Service.
    Semgrep Secrets
    Proprietary. See Terms of Service.
    Semgrep Supply Chain
    Proprietary. See Terms of Service.
    Semgrep Registry

    Semgrep Registry is a collection of rules and rulesets:

    • Rules in the semgrep-rules repository are licensed LGPL 2.1 under Commons Clause v1.0. Review the semgrep-rules license.
    • Rules from third-party repositories in the Semgrep Registry inherit the licenses of their source repositories. These licenses are displayed within the rule definition in the editor. For example, rules written by Trail of Bits security experts are licensed under the AGPL-3.0 license.
    • Premium rules are proprietary.

    License Semgrep for use

    If you are interested in using Semgrep products for your own solutions and code analysis tools, see the Semgrep FAQ page for more information.

    Note: In the Semgrep Registry, the license of each rule is displayed under the embedded rule preview.

    [Screenshot of a rule in Semgrep Registry, with the license highlighted in red]

