Semgrep Pro Engine

Advanced code analysis with interfile capabilities and enterprise language support

Analyze code across files

Pro Engine uses advanced dataflow analysis to reduce the number of false positives and discover new true positives across files.

Interfile analysis is available for C, C++, Golang, Java, Kotlin, and JavaScript/TypeScript.

Analyze code across function boundaries

Pro Engine provides interprocedural analysis, including dataflow analysis methods such as taint analysis, constant propagation, and typed metavariables.

Interprocedural analysis is available for all languages supported by Semgrep and is currently experimental.

Support for enterprise languages

In addition to all the languages supported by Semgrep Community Edition, Semgrep Pro Engine also supports enterprise languages such as Apex.

Find deeper issues with more accuracy

  • Discover more true positives: advanced code analysis helps uncover more complex vulnerabilities across files and procedures.

  • Reduce false positives: dataflow analysis features such as taint-tracking can, for example, see whether tainted user inputs are able to reach an unsafe SQL statement via a long chain of function calls.

Works without compiled code

  • Easily scan your code and avoid rollout and management headaches.

  • Scan more rapidly than other advanced analysis tools.

Easily write and customize rules

  • Rule syntax is very similar to the source code itself -> no need to understand abstract syntax trees or learn a domain-specific language.

  • For interfile analysis, Golang, Java, JavaScript, Kotlin, and TypeScript are supported.

  • For interprocedural analysis, 30+ languages are supported.