Semgrep Pricing
Open sourceStatic analysis
Semgrep Code (SAST) - Free
Open-source Engine
2500+ Community rules
Semgrep Supply Chain (SCA) - Not Available
No Reachability Analysis
Semgrep Cloud Platform - Not Included
No management
For individuals who want to scan code locally
Languages suported
30+
30+
31+
Community rule registry
Rule board
N/A
Autofix
N/A
Findings in pull/merge requests
N/A
Findings in CI workflow
N/A
Single file data-flow analysis
Pro Engine (beta) - Interfile data-flow analysis
N/A
N/A
Developer feedback
N/A
Pro rules
N/A
N/A
Private rules
N/A
N/A
Support
Community Slack
Community Slack
8x5: private Slack channel + email
Languages supported
N/A
N/A
6
Findings in pull/merge requests
N/A
N/A
Findings in CI workflow
N/A
N/A
Reachability rules
N/A
N/A
Advisory board
N/A
N/A
Incident response
N/A
N/A
Steps provided to fix the issue
Support
N/A
N/A
8x5: private Slack channel + email
Automatic CI/CD integration
N/A
Yes
Yes
Retention of findings
N/A
1 month
5 years
GitHub SCM supported
N/A
Free, Pro, Team
Enterprise (Cloud & Server), Free, Pro, Team
GitLab SCM supported
N/A
SaaS
SaaS, Self-managed
Alerting/notifications
N/A
Webhooks
N/A
N/A
SAML SSO
N/A
N/A
RBAC
N/A
N/A
REST API supported for dashboard and reporting
N/A
N/A
Support
Community Slack
Community Slack
8x5: private Slack channel + email
Trusted by top companies
A developer seat is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.
We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!
No. Semgrep runs fully in your CI pipeline and your source code never leaves your environment. Only meta-data related to Semgrep runs (see docs) are sent to Semgrep's service.
Users in the Team and Enterprise tier for Semgrep App can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. The private rules enable you to hide code-sensitive information or legal requirements that prevent you from using a public registry.
Pro rules are proprietary rules written by our security research team with the goal to provide a set of supported rules with improved coverage (across languages and vulnerability types), leveraging the latest Semgrep features, and providing high-confidence results.
TESTIMONIALS
