Semgrep Pricing
Semgrep Code (SAST) - Free
Open-source Engine
2500+ Community rules
Semgrep Supply Chain (SCA) - Not Available
No Reachability Analysis
Semgrep Cloud Platform - Not Included
No management
For individuals who want to scan code locally
A developer seat is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.
We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!
No. Semgrep runs fully in your CI pipeline and your source code never leaves your environment. Only metadata related to Semgrep runs (see docs) is sent to Semgrep's service.
Users in the Team and Enterprise tier for Semgrep App can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. Private rules let you keep code-sensitive information hidden or comply with legal requirements that prevent you from using a public registry.
Pro rules are proprietary rules written by our security research team with the goal of providing a set of supported rules with improved coverage (across languages and vulnerability types), leveraging the latest Semgrep features, and providing high-confidence results.