Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Semgrep can help address security requirements in the following compliance frameworks and standards:

Government and federal standards

  • FedRAMP: Federal Risk and Authorization Management Program for cloud services used by U.S. federal agencies
  • NIST 800-171: Protecting Controlled Unclassified Information (CUI) in nonfederal systems

Healthcare and privacy

  • HIPAA/HITRUST: Health Insurance Portability and Accountability Act and HITRUST Common Security Framework
  • GDPR: General Data Protection Regulation for protecting personal data of EU residents

Financial services

  • PCI DSS: Payment Card Industry Data Security Standard for protecting cardholder data

Information security standards

  • ISO 27001: International standard for information security management systems (ISMS)
  • ISO 27017: Code of practice for information security controls for cloud services

SOC 2

  • SOC 2: Service Organization Control 2 for security, availability, processing integrity, confidentiality, and privacy

Getting started with compliance

1
Review the specific framework page relevant to your organization from the list above
2
Understand which controls Semgrep can help address in your compliance program
3
Deploy Semgrep following the core deployment guide
4
Configure policies that align with your compliance requirements
5
Work with your compliance team to incorporate Semgrep into your compliance documentation and audit processes
For questions about how Semgrep fits into your specific compliance program, contact your compliance team or Semgrep support.