Licensing
The following is a list of products offered by Semgrep, Inc., along with their license information.
- Semgrep OSS Engine
- Semgrep OSS Engine is an open source project licensed under LGPL 2.1. The proprietary extension of Semgrep OSS Engine is Semgrep Code, see also Terms of Service.
- Semgrep AppSec Platform
- Proprietary. See Terms of Service.
- Semgrep Code and Semgrep Pro rules
- Proprietary. See Terms of Service.
- Semgrep Secrets
- Proprietary. See Terms of Service.
- Semgrep Supply Chain
- Proprietary. See Terms of Service.
- Semgrep Registry
Semgrep Registry is a collection of rules and rulesets:
- Rules in the semgrep-rules repository are licensed LGPL 2.1 under Commons Clause v1.0. Review the semgrep-rules license.
- Rules from third-party repositories in the Semgrep Registry inherit the licenses of their source repositories. These licenses are displayed within the rule definition in the editor. For example: Rules written by Trail of Bits security experts licensed under AGPL-3.0 license.
- Premium rules are proprietary.
License Semgrep for use
If you are interested in using Semgrep products for your own solutions and code analysis tools, see the Semgrep FAQ page for more information.
note
In the Semgrep Registry, the license of each rule
is displayed under the embedded rule preview. See the following screenshot with
the license highlighted in red:
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.