Semgrep


Static analysis at ludicrous speed.

Pricing: Free

What is Semgrep?

Semgrep is a highly configurable SAST tool that looks for recurring patterns in the syntax tree. It can either run locally using Docker or be integrated into the CI/CD pipeline with GitHub Actions.

Results are delivered as JSON files, so you can pipe them into other tools, such as jq, to manipulate them.

More tools in Security Testing

Terrascan


Security Testing

Static code analyzer for Infrastructure as Code

gitleaks


Security Testing

Scan git repos (or files) for secrets using regex and entropy 🔑

Deepfence ThreatMapper

Security Testing

Identify vulnerabilities in running containers, images, hosts and repositories