Semgrep Pricing
Open Source
FREE
run unlimited scans locally
Available Products
Semgrep OSS Engine (SAST)
Open-source Engine
2500+ Community-contributed rules
Software Composition Analysis (SCA)
Team
FREE
for 10 monthly contributors
Available Products
Semgrep Supply Chain (SCA)
$40/contributor/month
Reachability rules
Dependency Search and License Compliance
Semgrep Cloud Platform
Semgrep Code (SAST)
$40/contributor/month
Pro Engine + Pro rules
Semgrep Cloud Platform
Semgrep Supply Chain and Semgrep Code
$60/contributor/month when both products purchased
Enterprise
Custom
Available Products
Semgrep Supply Chain (SCA)
All features of the Semgrep Supply Chain Team tier
Semgrep Code (SAST)
All features of the Semgrep Code Team tier
Enterprise-specific features
Single tenant options
Secure network broker
Dedicated Technical Account Manager
Languages supported
N/A
6
6
Reachability rules
N/A
Advisory board
N/A
Dependency Search
N/A
License Compliance
N/A
Findings in pull/merge requests
N/A
Findings in CI workflow
N/A
Incident response
N/A
Steps provided to fix the issue
Steps provided to fix the issue
Support
N/A
8x5: private Slack channel + email (for paid users only)
Custom support, including a dedicated Technical Account Manager
Languages suported
30+
31+
31+
Community rule registry
Single file data-flow analysis
Pro Engine (beta) - Interfile data-flow analysis
N/A
Pro rules
N/A
Rule board
N/A
Autofix
N/A
Findings in pull/merge requests
N/A
Findings in CI workflow
N/A
Developer feedback
N/A
Private rules
N/A
Support
Community Slack
8x5: private Slack channel + email (for paid users only)
Custom support, including a dedicated Technical Account Manager
Automatic CI/CD integration
N/A
Retention of findings
N/A
5 years
5 years
GitHub SCM supported
N/A
Enterprise (Cloud & Server), Free, Pro, Team
Enterprise (Cloud & Server), Free, Pro, Team
GitLab SCM supported
N/A
SaaS, Self-managed
SaaS, Self-managed
Alerting/notifications
N/A
Webhooks
N/A
SAML SSO
N/A
RBAC
N/A
REST API supported for dashboard and reporting
N/A
Single tenant options
N/A
N/A
Secure network broker
N/A
N/A
Support
Community Slack
8x5: private Slack channel + email (for paid users only)
Custom support, including a dedicated Technical Account Manager
Trusted by top companies
A contributor is someone who made a commit to your organization's private repository scanned by Semgrep in the past month.
We love startups and many of us were security consultants in our previous roles! To get access to special pricing, contact us!
No. Semgrep runs either locally or fully in your CI pipeline, and your source code never leaves your computer or your CI environment. Only meta-data related to Semgrep runs (see docs) are sent to Semgrep's service.
If you opt-in to the public beta of Semgrep Assistant, Semgrep’s automated recommendations for triage and code remediation assisted by GPT-4, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training their models.
Users in the Team and Enterprise tier for Semgrep App can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. The private rules enable you to hide code-sensitive information or legal requirements that prevent you from using a public registry.
Pro rules are proprietary rules written by our security research team with the goal to provide a set of supported rules with improved coverage (across languages and vulnerability types), leveraging the latest Semgrep features, and providing high-confidence results.
TESTIMONIALS
