Semgrep Code
Get Started With Semgrep Code
Analyze code across function boundaries
Pro Engine provides interprocedural analysis, including dataflow analysis methods such as taint analysis, constant propagation, and typed metavariables.
Interprocedural analysis is available for all languages supported by Semgrep and is currently experimental.
Support for enterprise languages
In addition to all the languages supported by Semgrep OSS Engine, Pro Engine also supports enterprise languages such as Apex.
Reduces false positives: dataflow analysis features such as taint tracking determine whether, for instance, tainted user input can reach an unsafe SQL statement through a long chain of function calls.
Discovers more true positives: advanced code analysis helps find more complex vulnerabilities across files and procedures.
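The flow described in the first point above, as an added example that is not taken from Semgrep's documentation or rules: untrusted input crosses three function boundaries before it reaches a SQL call, so an analysis confined to one function at a time sees neither the source nor the sink together. All function names, the schema and the sample input are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


# Source: untrusted data enters here (stands in for an HTTP parameter).
def read_name(request):
    return request["name"]


# Intermediate hops: each one looks harmless when analysed on its own.
def normalize(value):
    return value.strip()


def build_filter(name):
    # Taint survives string concatenation.
    return "name = '" + normalize(name) + "'"


# Unsafe sink: the string passed to execute() still carries tainted data.
def find_user_unsafe(db, request):
    where = build_filter(read_name(request))
    return db.execute("SELECT name FROM users WHERE " + where).fetchall()


# Same flow, but the value is bound as a parameter and never parsed as SQL.
def find_user_safe(db, request):
    name = normalize(read_name(request))
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = {"name": "x' OR '1'='1"}   # constructed input
    print("unsafe:", find_user_unsafe(db, crafted))
    print("safe:  ", find_user_safe(db, crafted))
```

A taint rule that treats `read_name` as the source and `execute` as the sink has to follow the value through `build_filter` and `normalize` to report `find_user_unsafe` while staying silent on `find_user_safe`.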