Semgrep Pricing

Open Source

FREE

run unlimited scans locally


Available Products

Semgrep OSS Engine (SAST)

  • Open-source Engine

  • 2500+ Community-contributed rules

Software Composition Analysis (SCA)

For individuals who want to scan code locally

Team

FREE

for 10 monthly contributors


Available Products

Semgrep Supply Chain (SCA)

$40/contributor/month

  • Reachability rules

  • Dependency Search and License Compliance

  • Semgrep Cloud Platform

Semgrep Code (SAST)

$40/contributor/month

  • Pro Engine + Pro rules

  • Semgrep Cloud Platform

Semgrep Supply Chain and Semgrep Code

$60/contributor/month when both products purchased

For teams who want access to all features of Semgrep

Enterprise

Custom


Available Products

Semgrep Supply Chain (SCA)

  • All features of the Semgrep Supply Chain Team tier

Semgrep Code (SAST)

  • All features of the Semgrep Code Team tier

Enterprise-specific features

  • Single tenant options

  • Secure network broker

  • Dedicated Technical Account Manager

For larger organizations with custom requirements

Are you a security consultant?

Request your 2-week trial of Semgrep Code and Semgrep Supply Chain with your business contact information.

Open source

Static analysis at ludicrous speed - Free

Team

Semgrep Code - $40/dev/mo
Semgrep Supply Chain - $40/dev/mo

Enterprise

Contact us for custom pricing and plans

| Feature | Open source | Team | Enterprise |
|---|---|---|---|
| Languages supported | N/A | 6 | 6 |
| Reachability rules | N/A | Included | Included |
| Advisory board | N/A | Included | Included |
| Dependency Search | N/A | Included | Included |
| License Compliance | N/A | Included | Included |
| Findings in pull/merge requests | N/A | Included | Included |
| Findings in CI workflow | N/A | Included | Included |
| Incident response | N/A | Steps provided to fix the issue | Steps provided to fix the issue |
| Support | N/A | 8x5: private Slack channel + email (for paid users only) | Custom support, including a dedicated Technical Account Manager |

| Feature | Open source | Team | Enterprise |
|---|---|---|---|
| Languages supported | 30+ | 31+ | 31+ |
| Community rule registry | Included | Included | Included |
| Single file data-flow analysis | Included | Included | Included |
| Pro Engine (beta) - Interfile data-flow analysis | N/A | Included | Included |
| Pro rules | N/A | Included | Included |
| Rule board | N/A | Included | Included |
| Autofix | N/A | Included | Included |
| Findings in pull/merge requests | N/A | Included | Included |
| Findings in CI workflow | N/A | Included | Included |
| Developer feedback | N/A | Included | Included |
| Private rules | N/A | Included | Included |
| Support | Community Slack | 8x5: private Slack channel + email (for paid users only) | Custom support, including a dedicated Technical Account Manager |

| Feature | Open source | Team | Enterprise |
|---|---|---|---|
| Automatic CI/CD integration | N/A | Included | Included |
| Retention of findings | N/A | 5 years | 5 years |
| GitHub SCM supported | N/A | Enterprise (Cloud & Server), Free, Pro, Team | Enterprise (Cloud & Server), Free, Pro, Team |
| GitLab SCM supported | N/A | SaaS, Self-managed | SaaS, Self-managed |
| Alerting/notifications | N/A | Included | Included |
| Webhooks | N/A | Included | Included |
| SAML SSO | N/A | Included | Included |
| RBAC | N/A | Included | Included |
| REST API supported for dashboard and reporting | N/A | Included | Included |
| Single tenant options | N/A | N/A | Included |
| Secure network broker | N/A | N/A | Included |
| Support | Community Slack | 8x5: private Slack channel + email (for paid users only) | Custom support, including a dedicated Technical Account Manager |

Frequently asked questions

A contributor is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.

We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!

No. Semgrep runs either locally or fully in your CI pipeline, and your source code never leaves your computer or your CI environment. Only metadata related to Semgrep runs (see docs) is sent to Semgrep's service.

If you opt in to the public beta of Semgrep Assistant, Semgrep's automated recommendations for triage and code remediation assisted by GPT-4, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training their models.

Users in the Team and Enterprise tier for Semgrep App can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. The private rules enable you to hide code-sensitive information or legal requirements that prevent you from using a public registry.

Pro rules are proprietary rules written by our security research team. The goal is to provide a set of supported rules that improve coverage (across languages and vulnerability types), leverage the latest Semgrep features, and provide high-confidence results.
