Pro Engine

Semgrep Pro Engine

Upgrade your Semgrep OSS experience

Semgrep Pro Engine

Advanced code analysis for detecting vulnerabilities across files + support for enterprise languages

Analyze code across files

Pro Engine uses advanced dataflow analysis to reduce the number of false positives and discover new true positives across files.

Interfile analysis is available for Java and JavaScript/TypeScript.

Analyze code across function boundaries

Pro Engine provides interprocedural analysis, including dataflow analysis methods such as taint analysis, constant propagation, and typed metavariables.

Interprocedural analysis is available for all languages supported by Semgrep and is currently experimental.

Support for enterprise languages

In addition to all the languages supported by Semgrep OSS Engine, Pro Engine also supports enterprise languages such as Apex.

Finds deep issue, more accurately

Reduces false positives: dataflow analysis features such as taint-tracking find whether, for instance, tainted user input may reach an unsafe SQL statement via a long chain of function calls
Discovers more true positives: advanced code analysis helps find more complex vulnerabilities across files and procedures

Works without compiled code

Easily scan your code and avoid rollout and management headaches
Scan more rapidly than other advanced analysis tools

Easily write rules

Rule syntax is very similar to the source code itself -> no need to understand abstract syntax trees or learn a new domain-specific language
For interfile analysis, Java, JavaScript, and TypeScript are supported
For interprocedural analysis, 30+ languages are supported