Semgrep

Static analysis at ludicrous speed.

Security Testing Tools

•

Free

Visit Website

Are You Really Agile?

Featured

Is your QA team truly Agile? PractiTest’s new ebook, helps QA leaders identify gaps and elevate their processes. Get a free self-assessment to see where your team stands, plus practical tips for each testing phase—from Shift-Left Testing to Retrospectives. Ready to transform your QA practices? Download your free copy now!

Semgrep is a highly-configurable SAST tool that looks for recurring patterns in the syntax tree. It can either run locally using Docker or be integrated into the CI/CD pipeline with Github Actions.

Results are delivered as JSON files, allowing you to pipe the results into other tools, like jq in order to manipulate them.

Tags:

Githubopen sourceDocker

Share this tool on: