
  • Semgrep operates directly on source code, whereas CodeQL requires a buildable environment.
  • Semgrep provides both proprietary and open source options that can be run anywhere; CodeQL is not open source and you must pay to run it on any non-open-source code.
  • Semgrep focuses on speed and ease of use, and doesn’t require compiled code.
    • Semgrep Community Edition (CE) provides intraprocedural dataflow. Semgrep Code’s cross-file and cross-function analysis has capabilities similar to CodeQL’s cross-function dataflow analysis for a subset of supported languages.
  • Both have publicly available rules.
  • Semgrep rules look like the source code you’re writing; CodeQL has a separate domain-specific language for writing queries.
  • Semgrep has an online, hosted free plan for up to ten contributors to private repositories; both have a hosted paid plan.
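The two points above about dataflow and rule syntax are easier to see with a concrete rule. The following is an added example written for this comparison, not a rule from the Semgrep registry or from the page: a taint-mode rule whose source and sink patterns are written as ordinary-looking Python, with `$CMD`-style metavariables and `...` standing in for arbitrary code, instead of in a separate query language. The rule id, message, and the target snippet in the comments are constructed for illustration.

```yaml
# Added example, not part of the Semgrep documentation page.
# A taint-mode rule: "pattern-sources" name where untrusted data enters,
# "pattern-sinks" where it must not arrive, "pattern-sanitizers" what
# neutralises it. Every pattern reads like the Python it matches.
rules:
  - id: example-request-param-reaches-shell   # constructed rule id
    languages: [python]
    severity: ERROR
    message: >-
      A value taken from the HTTP request reaches a shell-interpreted
      command. Pass an argument list without shell=True, or quote the
      value with shlex.quote().
    mode: taint
    # Sources: anything read from the Flask request object.
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.form.get(...)
    # Sinks: subprocess calls that hand the string to a shell, and os.system.
    # "$CMD" binds whatever expression is passed; "..." matches the other
    # arguments in any position.
    pattern-sinks:
      - pattern: subprocess.run($CMD, ..., shell=True, ...)
      - pattern: subprocess.Popen($CMD, ..., shell=True, ...)
      - pattern: os.system($CMD)
    # Sanitizers: a value that has passed through shlex.quote is no longer tainted.
    pattern-sanitizers:
      - pattern: shlex.quote(...)

# Constructed target the rule flags, because the tainted "host" flows
# unquoted into a shell=True call inside the same function:
#
#   host = flask.request.args.get("host")
#   subprocess.run("ping -c 1 " + host, shell=True)
#
# The same code with shlex.quote(host) is not reported.
```

Run it with `semgrep --config rule.yaml app.py`. With Semgrep CE the flow from source to sink is tracked within a single function, as the list above states; a value read in one function and passed as an argument into a sink in another is the cross-function case that the page attributes to Semgrep Code’s analysis.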