- Semgrep Supply Chain
- Semgrep OSS Engine
- Team & Enterprise Tier
Supported languages
This document provides information about supported languages and language maturity definitions for the following products:
- Semgrep Code
- Semgrep OSS
For commercial Semgrep offerings, check the Semgrep Pro > Supported languages page.
Semgrep Code and OSSโ
Semgrep OSS is a fast, lightweight program analysis tool that can help you detect security issues in your code. It makes use of Semgrep's LGPL 2.1 open-source engine.
Semgrep Code is a static application security testing SAST solution that uses both Semgrep OSS Engine and a proprietary Semgrep Pro engine. This engine can perform more complex code analyses, resulting in a higher true positive rate than Semgrep OSS.
Use either tool to scan local code or integrate it into your CI/CD pipeline to automate the continuous scanning of your repositories.
| Product | Analysis |
|---|---|
| Semgrep OSS |
|
| Semgrep Code |
|
Language maturity levelsโ
Semgrep Code languages can be classified into four maturity levels:
- Generally available (GA)
- Beta
- Experimental
- Community supported*
*Community supported languages meet the parse rate and syntax requirements of Experimental languages. Users can still access community rules or write their own rules.
Their differences are outlined in the following table:
| Feature | GA | Beta | Experimental | Community supported |
| Parse Rate | 99%+ | 95%+ | 90%+ | |
| Number of rules | 10+ | 5+ | 0+. Query the Registry to see if any rules exist for your language. | |
| Semgrep syntax | Regex, equivalence, deep expression operators, types and typing. All features supported in Beta. | Complete metavariable support, metavariable equality. All features supported in Experimental. | Syntax, ellipsis operator, basic metavariable functionality. | |
| Support | Highest quality support by the Semgrep team. Reported issues are resolved promptly. | Supported by the Semgrep team. Reported issues are fixed after GA languages. | There are limitations to this language's functionality. Reported issues are tracked and prioritized with best effort. | These languages are supported by the Semgrep community. While Semgrep may develop rules or engine updates for these languages, they are not prioritized. |
Semgrep Code language supportโ
Semgrep Code supports over 30 languages and counting! ๐
| Language | Maturity level | Cross-function analysis | Cross-file analysis |
|---|---|---|---|
| C | GA | โ | โ |
| C++ | GA | โ | โ |
| C# | GA | โ | โ |
| Go | GA | โ | โ |
| Java | GA | โ | โ |
| JavaScript | GA | โ | โ |
| Kotlin | GA | โ | โ |
| TypeScript | GA | โ | โ |
| Ruby | GA | โ | -- |
| Rust | GA | โ | -- |
| JSX | GA | โ | -- |
| PHP | GA | โ | -- |
| Python | GA | โ | -- |
| Scala | GA | โ | -- |
| Swift | GA | โ | -- |
| Generic | GA | -- | -- |
| JSON | GA | -- | -- |
| Terraform | GA | -- | -- |
| Apex | Beta | โ | -- |
| Elixir | Beta | โ | -- |
The following languages are Experimental:
- Bash
- Cairo
- Clojure
- Dart
- Dockerfile
- Hack
- HTML
- Jsonnet
- Julia
- Lisp
- Lua
- Ocaml
- R
- Scheme
- Solidity
- YAML
- XML
If you'd like to request a language not shown here, please create an issue on the Semgrep GitHub repo.
Semgrep OSS language supportโ
All Semgrep OSS languages are community supported. Community supported languages meet the parse rate and syntax requirements of experimental languages in Semgrep Code. Semgrep OSS uses Semgrep's open source engine.
Community supported languages have varying levels of rule coverage - check the registry and filter out Pro rules to see the level of coverage for OSS.
Click to view Semgrep OSS languages.
- Bash
- C
- C++
- C#
- Cairo
- Clojure
- Dart
- Dockerfile
- Generic
- Go
- Hack
- HTML
- Java
- JavaScript
- JSON
- Jsonnet
- Julia
- Lisp
- Lua
- Kotlin
- Ruby
- Rust
- JSX
- Ocaml
- PHP
- Python
- R
- Scala
- Scheme
- Solidity
- Swift
- TypeScript
- YAML
- XML
More informationโ
Visit the cheat sheet generation script and associated semgrep-core test files to learn more about each feature:
Visit the Semgrep public language dashboard to see the parse rates for each language
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.