Getting started


If you want the best introduction to writing Semgrep rules, use the interactive, example-based Semgrep rule tutorial.

Do it live!

You can write and share rules directly from the live editor. You can also write rules in your terminal and run Semgrep via a standalone CLI or Docker.

Reference material

  • Pattern syntax describes what Semgrep patterns can do in detail, and provides example use cases of the ellipsis operator, metavariables, and more.
  • Rule syntax describes Semgrep YAML rule files, which can have multiple patterns, detailed output messages, and autofixes. The syntax allows the composition of individual patterns with boolean operators.

Looking for ideas on what rules to write? See Rule examples for common use cases and prompts to help you start writing rules from scratch.