Integrations

Semgrep supports a wide range of integrations so that security teams and developers can find and fix issues within their workflows.

Continuous integration tools

Semgrep integrates with source code management and CI tooling to scan your projects and present findings to developers via PR/MR comments, alongside the necessary context for remediation.

This ensures that developers can address security issues without context-switching, and DevOps and IT teams can seamlessly weave security into their existing processes.

Notifications

Semgrep integrates seamlessly with the alerting tools you and your developers use so they view security issues within their preferred tool.

IDE extensions

In addition to running as a PR check or pre-commit hook, Semgrep can scan in the IDE, helping developers secure their code at the speed of linting.

Languages and frameworks

Semgrep supports 30+ languages and frameworks (such as Express, Spring, Java Servlets, Laravel, Go net/HTTP, React, Next.js, and Angular) for SAST and 9 for SCA.

SSO

Semgrep Platform can connect to your organization using SSO options so that you have enhanced security and your team does not have to remember passwords. Semgrep Platform supports popular SSO options such as OpenID Connect / OAuth2 and SAML 2.0.

ASPM

Vendors that have an integration with Semgrep Platform and use Semgrep Pro Engine and/or Semgrep OSS Engine.

What people love about Semgrep

"Had my first go at using @semgrep and quite like it. The capability of using base reference so it only reports on the diff from last commit is brilliant to keep it relevant to what is being worked on."

@madplatt
via Twitter / X

"Consantly reminded at how awesome @r2cdev's Semgrep is. From 0 to "check for missing authorisation logic" in about 15 mins."

@xntrik
via Twitter / X

"I am about to codify two years of institutional knowledge in a matter of weeks with audit rules and inner joins."

@lapt0r
via Twitter / X

"If you haven’t tried Semgrep out yet you really need to. Also *really* deep dive with it. Despite some of its rougher edges, it’s an insanely powerful code exploration tool."

@d0nutptr
via Twitter / X

"> Use semgrep once > Write DevSecOps expert on your personal website > Profit"

MortoOnTech
via Twitter / X