Products
- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Find and fix reachable dependency vulnerabilities (SCA)
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep Assistant
  Get triage and code fix recommendations from AI
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Pro Engine
  Find more true positives and fewer false positives with dataflow analysis
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
Solutions
- Software supply chain security
  Mitigate software supply chain risks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
Resources
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
Company
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Protect Your Code with Secure Guardrails

Fix critical vulnerabilities today while guiding developers towards practices that prevent vulnerabilities tomorrow

Code

$40

per contributor per month

features

Cross-file analysis
Pro rules
Semgrep Assistant (AI)

Try now: up to 10 contributors free

Supply Chain

$40

per contributor per month

features

Dataflow reachability analysis
License compliance
Dependency search + SBOM

Try now: up to 10 contributors free

Secrets

$20

per contributor per month

features

Secret validation
Semantic analysis
Entropy analysis

Book a demo

Loved by leading engineering teams

Frequently Asked Questions (FAQs)

How are contributors counted?

A contributor is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.

Is there special pricing for security consultants?

Many of us were security consultants in our previous roles! To inquire about using Semgrep in your consulting work, contact us.

Is there special pricing for early state startups?

Yes, and we love startups! To get access to special pricing, contact us!

Is private source code shared with Semgrep, Inc?

No. Semgrep runs either locally or fully in your CI pipeline, and your source code never leaves your computer or your CI environment. Only meta-data related to Semgrep runs (see docs) are sent to Semgrep's service.

If you opt-in to Semgrep Assistant, Semgrep’s automated recommendations for triage and code remediation assisted by GPT-4, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training their models.

If you opt-in to Semgrep managed scanning, allowing onboarding of repositories and their scanning without the need for per-project provisioning, then Semgrep’s service clones your repository at the beginning of every scan. Once the scan completes, the clone is destroyed and is not persisted anywhere.

What are private and pro rules?

Users in the Team and Enterprise tier for Semgrep can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. The private rules enable you to hide code-sensitive information or legal requirements that prevent you from using a public registry.

Pro rules are proprietary rules written by our security research team with the goal to provide a set of supported rules with improved coverage (across languages and vulnerability types), leveraging the latest Semgrep features, and providing high-confidence results.

Need something custom?

Ask us about our Enterprise tier, including customized support plans and feature development.