Fast, open-source, static analysis tool for modern languages from r2c.

With 1,000+ existing rules and simple-to-create custom ones, it finds the bugs that matter. The tool's two-fold ability to boost velocity in DevSecOps, and promote the use of Secure Development Best Practices, make Semgrep powerful and unique.

Use Semgrep to bring security analysis to the forefront of development and more:
 

• Find complex code with one or two simple rules that are easily maintained by developers.

• Take advantage of rules tested over thousands of projects and improved by an amazing OSS community; OWASP members and r2c.

• Create custom rules to catch issues that are unique to a target codebase, for example; business logic flaws

• Reduce security review load by pinpointing only the code you care about.