Supported languages for Semgrep CE
This document provides information about supported languages for Semgrep Community Edition (Semgrep CE) and Semgrep Code.
Semgrep Code and Community Edition
Semgrep CE is a fast, lightweight program analysis tool that can help you detect bugs in your code. It makes use of Semgrep's LGPL 2.1 open source engine. These languages are supported by the Semgrep community, at best effort.
Semgrep Code is a static application security testing (SAST) solution designed to detect complex security vulnerabilities. It makes use of proprietary Semgrep analyses, such as cross-file (interfile) dataflow analysis and framework specific analyses, in addition to Semgrep CE. This results in a higher true positive rate than Semgrep CE. Semgrep Code provides the highest quality support by the Semgrep team: reported issues are resolved promptly.
Use either tool to scan local code or integrate it into your CI/CD pipeline to automate the continuous scanning of your repositories.
| Languages | 🚀 Semgrep Code: Free for small teams | Semgrep CE |
| C / C++ | Generally available • Cross-file dataflow analysis • 150+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| C# | Generally available • Cross-file dataflow analysis • Supports up to C# 13 • 40+ Pro rules | Community supported • Limited to single-function analysis • Community rules • Supports up to C# 7.0 |
| Go | Generally available • Cross-file dataflow analysis • 60+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Java | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 160+ Pro rules | |
| JavaScript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 70+ Pro rules | |
| Kotlin | Generally available • Cross-file dataflow analysis • 60+ Pro rules | |
| Python | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 300+ Pro rules • See Python-specific support details | |
| Typescript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 70+ Pro rules | |
| Ruby | Generally available • Cross-function dataflow analysis • 20+ Pro rules | |
| Rust | Generally available • Cross-function dataflow analysis • 40+ Pro rules | |
| JSX | Generally available • Cross-function dataflow analysis • 70+ Pro rules | |
| PHP | Generally available • Cross-function dataflow analysis • 20+ Pro rules | |
| Scala | Generally available • Cross-function dataflow analysis • Community rules | |
| Swift | Generally available • Cross-function dataflow analysis • 50+ Pro rules | |
| Terraform | Generally available • Cross-function dataflow analysis • Community rules | |
| Generic | Generally available | Community supported |
| JSON | Generally available | |
| APEX | Beta | Not available |
| Elixir | Beta |
Click to view experimental languages.
- Bash
- Cairo
- Circom
- Clojure
- Dart
- Dockerfile
- Hack
- HTML
- Jsonnet
- Julia
- Lisp
- Lua
- Move on Aptos
- Move on Sui
- OCaml
- R
- Scheme
- Solidity
- YAML
- XML
Language maturity definitions
Semgrep Code languages can be classified into four maturity levels:
- Generally available (GA)
- Beta
- Experimental
- Community supported*
*Community supported languages meet the parse rate and syntax requirements of Experimental languages. Users can still access community rules or write their own rules.
| Feature | GA | Beta | Experimental | Community supported |
| Support | Highest quality support by the Semgrep team. Reported issues are resolved promptly. | Supported by the Semgrep team. Reported issues are fixed after GA languages. | There are limitations to this language's functionality. Reported issues are tracked and prioritized with best effort. | These languages are supported by the Semgrep community. While Semgrep may develop rules or engine updates for these languages, they are not prioritized. |
| Parse Rate | 99%+ | 95%+ | 90%+ | |
| Number of Pro rules | 10+ | 5+ | 0+. Query the Registry to see if any rules exist for your language. | |
| Semgrep syntax | Regex, equivalence, deep expression operators, types and typing. All features supported in Beta. | Complete metavariable support, metavariable equality. All features supported in Experimental. | Syntax, ellipsis operator, basic metavariable functionality. | |
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.