Skip to main content

Licensing

The following is a list of products offered by Semgrep, Inc., along with their license information.

Semgrep OSS Engine
Semgrep OSS Engine is an open source project licensed under LGPL 2.1. The proprietary extension of Semgrep OSS Engine is Semgrep Code, see also Terms of Service.
Semgrep AppSec Platform
Proprietary. See Terms of Service.
Semgrep Code and Semgrep Pro rules
Proprietary. See Terms of Service.
Semgrep Secrets
Proprietary. See Terms of Service.
Semgrep Supply Chain
Proprietary. See Terms of Service.
Semgrep Registry

Semgrep Registry is a collection of rules and rulesets:

  • Rules in the semgrep-rules repository are licensed LGPL 2.1 under Commons Clause v1.0. Review the semgrep-rules license.
  • Rules from third-party repositories in the Semgrep Registry inherit the licenses of their source repositories. These licenses are displayed within the rule definition in the editor. For example: Rules written by Trail of Bits security experts licensed under AGPL-3.0 license.
  • Premium rules are proprietary.

License Semgrep for use

If you are interested in using Semgrep products for your own solutions and code analysis tools, see the Semgrep FAQ page for more information.

note

In the Semgrep Registry, the license of each rule is displayed under the embedded rule preview. See the following screenshot with the license highlighted in red: Screenshot of a rule in Semgrep Registry


Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.