Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Requirements for integrators

  • Do not resell rules from the Registry, unless you acquire an explicit license from Semgrep, Inc. Semgrep rules are released under the Semgrep Rules License, which prohibits redistribution in a commercial product.
  • State that you are using Semgrep; refer to Semgrep as capital S with the trademark: Semgrep™
  • Link to semgrep.dev/login to allow users to get an API token to pass to Semgrep so they can access the Pro Engine and rules.
  • Set SEMGREP_INTEGRATION_NAME in your environment to your domain name (for example, “xyz.com”). This helps us reproduce and debug issues with Semgrep in your environment.
  • Don’t integrate semgrep scan in a CI setup. Instead use semgrep ci, which has diff-awareness built-in and is designed to be easy to integrate into dozens of CI environments. It’s also much faster.
  • Enable metrics (--metrics=on) by default, which lets the Semgrep team prioritize languages and technologies to improve speed and accuracy.
  • Contribute new public rules back to the semgrep-rules repository. This helps us avoid community fragmentation and will automatically pull your rule into the searchable Registry on semgrep.dev; plus Semgrep will maintain it for you!
For more information, please refer to the section on licensing in our documentation. If you have additional questions, email us at partners@semgrep.com.