Semgrep Pricing

Open source
Static analysis

  • Semgrep Code (SAST) - Free

    • Open-source Engine

    • 2500+ Community rules

  • Semgrep Supply Chain (SCA) - Not Available

    • No Reachability Analysis

  • Semgrep Cloud Platform - Not Included

    • No management


For individuals who want to scan code locally

Community
Everything in OSS, plus
  • Semgrep Code (SAST) - Free for up to 20 developers

    • Rules management

    • Findings in PR comments

  • Semgrep Supply Chain (SCA) - Not Available

    • No Reachability Analysis

  • Semgrep Cloud Platform - Included

    • Limited management


For small teams who want to try out Semgrep Code (SAST)

Team
Everything in Community, plus
  • Semgrep Code (SAST) - $40/dev/month

    • Pro Engine

    • 2750+ Community & Pro rules

  • Semgrep Supply Chain (SCA) - $40/dev/month

    • Reachability Analysis

  • Semgrep Cloud Platform - Included

    • All management features


For teams who want access to all features of Semgrep

Need a custom solution?

Talk to us about the Enterprise tier, including customized support plans and feature development.

Open source: Static analysis at ludicrous speed - Free
Community: Semgrep Code, free for up to 20 developers
Team: Semgrep Code - $40/dev/mo; Semgrep Supply Chain - $40/dev/mo

| Feature | Open source | Community | Team |
| --- | --- | --- | --- |
| Languages supported | 30+ | 30+ | 31+ |
| Community rule registry | Yes | Yes | Yes |
| Rule board | N/A | Yes | Yes |
| Autofix | N/A | Yes | Yes |
| Findings in pull/merge requests | N/A | Yes | Yes |
| Findings in CI workflow | N/A | Yes | Yes |
| Single file data-flow analysis | Yes | Yes | Yes |
| Pro Engine (beta) - Interfile data-flow analysis | N/A | N/A | Yes |
| Developer feedback | N/A | Yes | Yes |
| Pro rules | N/A | N/A | Yes |
| Private rules | N/A | N/A | Yes |
| Support | Community Slack | Community Slack | 8x5: private Slack channel + email |

| Feature | Open source | Community | Team |
| --- | --- | --- | --- |
| Languages supported | N/A | N/A | 6 |
| Findings in pull/merge requests | N/A | N/A | Yes |
| Findings in CI workflow | N/A | N/A | Yes |
| Reachability rules | N/A | N/A | Yes |
| Advisory board | N/A | N/A | Yes |
| Incident response | N/A | N/A | Steps provided to fix the issue |
| Support | N/A | N/A | 8x5: private Slack channel + email |

| Feature | Open source | Community | Team |
| --- | --- | --- | --- |
| Automatic CI/CD integration | N/A | Yes | Yes |
| Retention of findings | N/A | 1 month | 5 years |
| GitHub SCM supported | N/A | Free, Pro, Team | Enterprise (Cloud & Server), Free, Pro, Team |
| GitLab SCM supported | N/A | SaaS | SaaS, Self-managed |
| Alerting/notifications | N/A | Yes | Yes |
| Webhooks | N/A | N/A | Yes |
| SAML SSO | N/A | N/A | Yes |
| RBAC | N/A | N/A | Yes |
| REST API supported for dashboard and reporting | N/A | N/A | Yes |
| Support | Community Slack | Community Slack | 8x5: private Slack channel + email |

Frequently asked questions

A developer seat is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.

We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!

No. Semgrep runs fully in your CI pipeline and your source code never leaves your environment. Only metadata related to Semgrep runs (see docs) is sent to Semgrep's service.

Users in the Team and Enterprise tiers of Semgrep App can publish rules to the Semgrep Registry as Private rules that are not visible to anyone outside their organization. Private rules let you keep code-sensitive information hidden and meet legal requirements that prevent you from using a public registry.

Pro rules are proprietary rules written by our security research team with the goal of providing a set of supported rules with improved coverage (across languages and vulnerability types) that leverage the latest Semgrep features and provide high-confidence results.
