Semgrep

Unclaimed

Static analysis for finding bugs

IDE & Code Editors Testing & QA Vulnerability Scanning

Visit Website

FreemiumVisit Website

TL;DR - Semgrep

Semgrep is a code analysis tool for finding bugs and enforcing standards
It scans code with lightweight pattern matching for security and quality
Free tier available, Team plans for more rules

Pricing: Free plan available

Best for: Growing teams

Score: 88/100

Pros & Cons

Pros

Code analysis tool
Good pattern matching
Multi-language
Active development
Good for security

Cons

Learning curve
Enterprise features paid
False positives
Configuration needed
Resource usage

Key Features

SAST scanning30+ languagesCustom rulesCross-file analysisAI auto-fixSCA scanningSecrets detectionSBOM generationLicense complianceIDE plugins

Pricing Plans

Community

Free

Open-source SAST engine
30+ languages
Community rules
Custom rules
Cross-function taint analysis
Pre-commit hooks
CLI access

Teams

$40

10 contributors free
Pro Rules and Pro Engine
Cross-file analysis
AI auto-triage and auto-fix
SSO
PR/MR integration
IDE plugins
Jira ticketing

Enterprise

All Teams features
Dedicated support
Custom integrations
Advanced RBAC

View full pricing

About Semgrep

By Toolradar Team·Updated Feb 24, 2026

Semgrep is a fast, open-source static analysis tool for finding bugs, detecting security vulnerabilities, and enforcing code standards across 30+ programming languages.

How we evaluate tools →Source: semgrep.dev

Reviews

No reviews yet. Be the first to review Semgrep!

Write a Review

Best Semgrep Alternatives

Top alternatives based on features, pricing, and user needs.

CheckmarxPaid

Application security testing platform

EscapePaid

The DAST for modern stacks, testing business logic to secure APIs and web applications.

TenzaiFree

AI-powered autonomous penetration testing for enterprise security.

PhylumPaid

Secure your software development lifecycle with AI-powered application risk management.

Peach SoftwareFreemium

Peach Software

GiskardFreemium

Proactive AI red teaming and LLM security platform to prevent vulnerabilities in production.

Slim.AIPaid

Self-healing open-source and container security that patches vulnerabilities without breaking changes.

Ixia (Keysight)Freemium

Ixia (Keysight)

See all IDE & Code Editors tools →

Explore More

Best IDE & Code Editors Tools Best Testing & QA Tools Best Vulnerability Scanning Tools

Semgrep FAQ

Is Semgrep open source?

Yes, the Community Edition is fully open-source and free, supporting 30+ languages with custom rules.

How many languages does Semgrep support?

Semgrep supports over 30 programming languages including Python, JavaScript, TypeScript, Go, Java, Ruby, and more.

Does Semgrep offer AI features?

Yes, Teams and Enterprise plans include an AI Assistant with auto-triage and auto-fix capabilities.

What is cross-file analysis?

Cross-file analysis (Pro Engine) tracks data flow across multiple files for more accurate vulnerability detection.

Does Semgrep detect secrets?

Yes, Secrets Detection is available as an add-on at $20/contributor/month with semantic and entropy analysis.

Source: semgrep.dev