Semgrep is a fast, open-source, static analysis tool for modern languages. With 1,500+ existing rules and simple-to-create custom ones, it finds the bugs that matter.

• Open source, works on 20+ languages
• Scan with 1,500+ community rules
• Write rules that look like your code
• Quickly get results in the terminal, editor, or CI/CD
• Flag issues moving forward, get results in pull requests, Slack, + more

This GitHub App allows you to get Semgrep results as PR comments, add Semgrep to your projects with one-click, and manage rules and results across multiple projects from one centralized place. Learn more at semgrep.dev.

Semgrep is developed and supported by Semgrep, Inc.. It is an evolution of pfff, which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool Coccinelle.