Pro Engine

Semgrep Pro Engine

Supercharge Semgrep OSS Capabilities

Semgrep Pro Engine

Advanced code analysis with interfile capabilities and enterprise language support

Semgrep OSS EngineSemgrep Pro EngineClick here to see the results with Semgrep Pro Engine

See how inter-file and interprocedural analysis make Pro Engine more comprehensive and more accurate

Analyze code across files

Pro Engine uses advanced dataflow analysis to reduce the number of false positives and discover new true positives across files.

Interfile analysis is available for Golang, Java, Kotlin, and JavaScript/TypeScript.

Analyze code across function boundaries

Pro Engine provides interprocedural analysis, including dataflow analysis methods such as taint analysis, constant propagation, and typed metavariables.

Interprocedural analysis is available for all languages supported by Semgrep and is currently experimental.

Support for enterprise languages

In addition to all the languages supported by Semgrep OSS Engine, Pro Engine also supports enterprise languages such as Apex.

Finds deep issues with more accuracy

Discover more true positives: advanced code analysis helps uncover more complex vulnerabilities across files and procedures.
Reduce false positives: dataflow analysis features such as taint-tracking can, for example, see whether tainted user inputs are able to reach an unsafe SQL statement via a long chain of function calls.

Works without compiled code

Easily scan your code and avoid rollout and management headaches.
Scan more rapidly than other advanced analysis tools.

Easily write and customize rules

Rule syntax is very similar to the source code itself -> no need to understand abstract syntax trees or learn a domain-specific language.
For interfile analysis, Golang, Java, JavaScript, Kotlin, and TypeScript are supported.
For interprocedural analysis, 30+ languages are supported.