Semgrep Pricing

Under our most popular plan, Team, see custom pricing by selecting the products your team needs.

Open Source

Always free

Run unlimited scans locally


Available Products

Single-file code analysis for SAST

For individuals who want to scan code locally

Team

Recommended

Free up to 10 contributors
$70/contributor/month


Available Products

For teams who want access to all Semgrep features

Enterprise

Unlimited contributors

Custom

Enterprise features and support


Available Products

For larger organizations with custom requirements

Are you working at a startup?

Learn more about our startup offering.

Are you a security consultant?

Get a 2-week trial of Semgrep products with your business contact information.

Languages supported

N/A

6

6

Reachability rules

N/A

Advisory board

N/A

Dependency Search

N/A

License Compliance

N/A

Findings in pull/merge requests

N/A

Incident response

N/A

Steps provided to fix the issue

Steps provided to fix the issue

Support

N/A

8x5: private Slack channel + email (for paid users only)

Custom support, including a dedicated Technical Account Manager

Languages supported

30+

31+

31+

Community rule registry
Single file data-flow analysis
Pro Engine - Interfile data-flow analysis

N/A

Pro rules

N/A

Rule board

N/A

Autofix

N/A

Findings in pull/merge requests

N/A

Developer feedback

N/A

Private rules

N/A

Support

Community Slack

8x5: private Slack channel + email (for paid users only)

Custom support, including a dedicated Technical Account Manager

Languages supported

Regex-only analysis
via Semgrep OSS

30+

30+

Semantic Analysis

N/A

Validation

N/A

Custom rules for detecting secrets in internal services

N/A

Findings in pull/merge requests

N/A

Developer feedback

N/A

Support

Community Slack

8x5: private Slack channel + email (for paid users only)

Custom support, including a dedicated Technical Account Manager

Automatic CI/CD integration

N/A

Retention of findings

N/A

5 years

5 years

GitHub SCM supported

N/A

Enterprise (Cloud & Server), Free, Pro, Team

Enterprise (Cloud & Server), Free, Pro, Team

GitLab SCM supported

N/A

SaaS, Self-managed

SaaS, Self-managed

Alerting/notifications

N/A

Webhooks

N/A

SAML SSO

N/A

RBAC

N/A

REST API supported for dashboard and reporting

N/A

Single tenant options

N/A

N/A

Secure network broker

N/A

N/A

Support

Community Slack

8x5: private Slack channel + email (for paid users only)

Custom support, including a dedicated Technical Account Manager

Frequently asked questions

A contributor is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.

We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!

No. Semgrep runs either locally or fully in your CI pipeline, and your source code never leaves your computer or your CI environment. Only metadata related to Semgrep runs (see docs) is sent to Semgrep's service.

If you opt in to the public beta of Semgrep Assistant, Semgrep’s automated recommendations for triage and code remediation assisted by GPT-4, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training its models.

Users in the Team and Enterprise tiers of Semgrep can publish rules to the Semgrep Registry as private rules that are not visible to anyone outside their organization. Private rules are useful when your rules contain code-sensitive information or when legal requirements prevent you from using a public registry.

Pro rules are proprietary rules written by our security research team. The goal is a set of supported rules with improved coverage across languages and vulnerability types that leverage the latest Semgrep features and provide high-confidence results.
