Licensing
The following is a list of products offered by Semgrep, Inc., along with their license information.
- Semgrep Registry
The Semgrep Registry is a collection of rules and rulesets:
- All rules, which includes both Community and Pro rules, listed in the semgrep-rules repository are licensed under Semgrep Rules License v.1.0. They are available only for internal business use. Vendors cannot use Semgrep-maintained rules in competing products or SaaS offerings. Individuals, security consultants, and companies are welcome to use the rules internally.
- Rules from third-party repositories in the Semgrep Registry inherit the licenses of their source repositories. These licenses are displayed within the rule definition in the editor. For example: Rules written by Trail of Bits security experts licensed under AGPL-3.0 license.
- Semgrep AppSec Platform
- Proprietary. See Terms of Service.
- Semgrep Code
- Proprietary. See Terms of Service.
- Semgrep Secrets
- Proprietary. See Terms of Service.
- Semgrep Supply Chain
- Proprietary. See Terms of Service.
- Semgrep Community Edition
- The Semgrep Community Edition engine is an open source project licensed under LGPL 2.1. The proprietary extension of Semgrep CE is Semgrep Code, see also Terms of Service.
License Semgrep for use
If you are interested in using Semgrep products for your own solutions and code analysis tools, send us an email at partnerships@semgrep.com
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.