# semgrep/semgrep

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/semgrep-semgrep).**

14,180 stars · 874 forks · OCaml · lgpl-2.1

## Links

- GitHub: https://github.com/semgrep/semgrep
- Homepage: https://semgrep.dev
- awesome-repositories: https://awesome-repositories.com/repository/semgrep-semgrep.md

## Topics

`c` `go` `java` `javascript` `python` `r2c` `ruby` `sast` `semgrep` `static-analysis` `static-code-analysis` `typescript`

## Description

Semgrep is a static application security testing (SAST) tool that finds vulnerabilities and logic errors by matching source code against declarative rules. Rules are written in YAML and their patterns read like the code they match: a metavariable such as `$X` stands for any expression and `...` for any sequence of arguments or statements, so `subprocess.$FUNC(..., shell=True, ...)` matches every `subprocess` call that passes `shell=True`, however it is otherwise written. Semgrep runs as a scanner in CI, in pre-commit hooks and in editors, so insecure patterns and coding-standard violations are reported before code is deployed.

The engine, written in OCaml behind a Python command-line front end, parses each supported language with its own parser and lowers the result into a shared generic AST. One matching engine then serves every language, which is why the same rule keys (`pattern`, `pattern-not`, `pattern-inside`, `metavariable-regex`, and so on) and the same taint-tracking machinery work regardless of the target language. Taint rules (`mode: taint`) declare sources, sanitizers and sinks and report any path along which untrusted data reaches a sink unsanitized; in the open-source engine that tracking stays within a single function, while cross-function and cross-file tracking is part of the commercial Pro engine.

Beyond vulnerability detection, a rule can carry a `fix:` template and `semgrep --autofix` rewrites each match, which turns a detection rule into an enforced coding convention; dependency (supply-chain) analysis is offered through the commercial Semgrep Supply Chain product rather than by the open-source engine. Scans can be made diff-aware (`--baseline-commit`), reporting only findings introduced relative to a baseline commit, and the language server behind the editor extensions (`semgrep lsp`) re-scans files as they are saved. Findings are emitted as JSON or SARIF (`--json`, `--sarif`) for ingestion by other security tooling, and an MCP server makes scanning available to developer assistants.
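The following rule file is an added example written for this page; it is not taken from the Semgrep project's own rule registry. It shows the three rule styles described above: a pattern-mode rule using metavariables and ellipses, a taint-mode rule with sources, a sanitizer and a focused sink, and a rule with a `fix:` template. The rule ids, the file names `rules.yaml` and `app.py`, and the Flask/DB-API handler shown in the trailing comment are all constructed for the illustration.

```yaml
# rules.yaml: three illustrative Semgrep rules (added example, not rules
# shipped by the Semgrep project). Scan a file with:
#   semgrep --config rules.yaml app.py
rules:
  # 1. Pattern mode. $FUNC is a metavariable, "..." matches any string
  #    literal, and a bare ... matches any further positional or keyword
  #    arguments, so the rule is independent of how the call is spelled.
  - id: subprocess-shell-true
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is called with shell=True, so the command string is
      parsed by a shell and any attacker-controlled fragment becomes command
      injection. Pass an argument list and drop shell=True.
    patterns:
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # A constant command string cannot carry injected input; do not flag it.
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)

  # 2. Taint mode. Report when data from a declared source reaches a sink
  #    without passing through a sanitizer. focus-metavariable narrows the
  #    sink to the SQL text, so a tainted value in the parameter tuple of a
  #    parameterized query is not reported.
  - id: flask-request-to-sql-execute
    languages: [python]
    severity: ERROR
    mode: taint
    message: >-
      Request data flows into the SQL string passed to execute(); this is SQL
      injection. Use a parameterized query and pass the value separately.
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.args[$KEY]
      - pattern: flask.request.form[$KEY]
    pattern-sanitizers:
      # An integer conversion cannot smuggle SQL syntax through.
      - pattern: int(...)
    pattern-sinks:
      - patterns:
          - pattern: $CURSOR.execute($QUERY, ...)
          - focus-metavariable: $QUERY

  # 3. A rule with a fix template: `semgrep --autofix` rewrites each match,
  #    which is how a convention is enforced rather than only detected.
  - id: yaml-load-without-safe-loader
    languages: [python]
    severity: ERROR
    message: >-
      yaml.load without a Loader can instantiate arbitrary Python objects from
      untrusted input; use yaml.safe_load.
    pattern: yaml.load($DATA)
    fix: yaml.safe_load($DATA)

# Constructed target (app.py) for these rules, annotated with Semgrep's
# `# ruleid:` (next line must be reported) and `# ok:` (must not be reported)
# test markers:
#
#   import subprocess
#   import yaml
#   from flask import request
#
#   def handle(cur, cmd):
#       name = request.args.get("name")
#       # ruleid: flask-request-to-sql-execute
#       cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
#       # ok: flask-request-to-sql-execute
#       cur.execute("SELECT * FROM users WHERE name = %s", (name,))
#       # ok: flask-request-to-sql-execute
#       cur.execute(f"SELECT * FROM users WHERE id = {int(request.args['id'])}")
#       # ruleid: subprocess-shell-true
#       subprocess.run(cmd, shell=True)
#       # ok: subprocess-shell-true
#       subprocess.run("ls -l", shell=True)
#       # ruleid: yaml-load-without-safe-loader
#       return yaml.load(request.data)
```

The taint rule fires on the f-string because taint propagates through assignment and string formatting inside the function; the parameterized `execute` call is clean because the tainted value never reaches `$QUERY`, and the `int(...)` wrapper is declared clean by the sanitizer. Semgrep resolves `from flask import request` so the fully qualified `flask.request` in the source patterns matches the bare `request` in the target. To check the `ruleid`/`ok` annotations with `semgrep --test`, name the target after the rule file (`rules.py` beside `rules.yaml`), which is the convention that command expects.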

## Tags

### Testing & Quality Assurance

- [Static Code Analysis Tools](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/code-quality-tools/static-code-analysis-tools.md) — Identifies security vulnerabilities and logic errors by matching source code patterns against defined rules.

### Security & Cryptography

- [Security Code Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/security-code-scanners.md) — Scans source code for patterns matching known security flaws and logic errors to prevent insecure code from reaching production. ([source](https://semgrep.dev/llms.txt#semgrep))
- [Security Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing.md) — Scans source code for known security vulnerabilities and logic errors to prevent insecure code from reaching production environments.
- [Software Supply Chain Security](https://awesome-repositories.com/f/security-cryptography/software-supply-chain-security.md) — Identifies risky coding patterns in first-party code; scanning dependencies for insecure third-party packages is part of the commercial Semgrep Supply Chain product rather than the open-source engine.

### Artificial Intelligence & ML

- [Pattern Matching Engines](https://awesome-repositories.com/f/artificial-intelligence-ml/pattern-matching-engines.md) — Provides a developer-focused utility for searching and enforcing custom coding standards across large codebases.
- [Analysis Data Protocols](https://awesome-repositories.com/f/artificial-intelligence-ml/agent-communication-protocols/agent-to-agent-communication/analysis-data-protocols.md) — Exposes findings in standard machine-readable formats (JSON, SARIF) and over standard protocols (the Language Server Protocol for editors, an MCP server for developer assistants) so other systems can consume them without parsing CLI text. ([source](https://semgrep.dev/llms.txt#semgrep))

### Software Engineering & Architecture

- [Static Analysis Rule Engines](https://awesome-repositories.com/f/software-engineering-architecture/static-analysis-rule-engines.md) — Executes declarative pattern definitions against a parsed code model to identify security flaws without requiring the code to execute.
- [Abstract Syntax Tree Tools](https://awesome-repositories.com/f/software-engineering-architecture/abstract-syntax-tree-tools.md) — Matches patterns against a parsed syntax tree rather than raw text, so whitespace, comments and formatting do not affect a match; `semgrep --dump-ast` prints the tree for a file, which helps when a pattern does not match as expected.
- [Automated Code Quality Tools](https://awesome-repositories.com/f/software-engineering-architecture/automated-code-quality-tools.md) — Maintains consistent coding standards by automatically identifying and flagging non-compliant code patterns.
- [Incremental Analysis Engines](https://awesome-repositories.com/f/software-engineering-architecture/performance-analysis/incremental-analysis-engines.md) — Diff-aware scans (`--baseline-commit`) report only findings introduced relative to a baseline commit, so pull-request feedback stays fast on large repositories.
- [Language Parsers](https://awesome-repositories.com/f/software-engineering-architecture/syntax-parsing-engines/language-parsers.md) — Uses independent front-end modules to convert various source languages into a common internal representation for centralized analysis.
- [Security Tool Integrations](https://awesome-repositories.com/f/software-engineering-architecture/application-frameworks/autonomous-agent-frameworks/external-tool-integrations/security-tool-integrations.md) — Lets AI assistants and other automation invoke scans and consume findings through standard protocols and output formats rather than by scraping CLI output.
- [Real-time Change Tracking](https://awesome-repositories.com/f/software-engineering-architecture/human-in-the-loop-workflows/real-time-change-tracking.md) — The language server behind the editor extensions re-scans a file as it is saved, so findings shown in the editor track the current state of the code without a full repository scan.

### Data & Databases

- [Structural Code Searchers](https://awesome-repositories.com/f/data-databases/search-indexing-technologies/search-indexing/search-information-retrieval/code-context-search/structural-code-searchers.md) — Searches and enforces specific structural patterns across large codebases using a lightweight syntax to maintain architectural integrity.

### Development Tools & Productivity

- [Code Quality and Analysis](https://awesome-repositories.com/f/development-tools-productivity/code-quality-analysis.md) — Enforces consistent coding standards and best practices across a codebase to maintain high software quality.
- [Declarative Rule Engines](https://awesome-repositories.com/f/development-tools-productivity/declarative-rule-engines.md) — Interprets user-defined pattern rules to identify security flaws without requiring the target code to execute.

### Programming Languages & Runtimes

- [Intermediate Representations](https://awesome-repositories.com/f/programming-languages-runtimes/compiler-interpreter-internals/compiler-infrastructure/intermediate-representations.md) — Normalizes diverse programming languages into a unified format to allow security rules to run consistently across different codebases.

### Web Development

- [Taint Analysis Engines](https://awesome-repositories.com/f/web-development/data-flow-architectures/taint-analysis-engines.md) — Tracks the movement of untrusted input through an application to identify potential security vulnerabilities where data reaches sensitive functions.
