Pro versus CE rules in Semgrep Code
CE rules are public, and anyone can contribute them. They use only features available in the Semgrep CE (OSS) engine. Pro rules are authored by Semgrep. They might cover the same topics as a CE rule, but they use the Pro engine. Since the Pro engine includes advanced features, like cross-file (interfile) analysis, matches are often more precise. Semgrep also publishes new Pro rules that overlap older Pro rules as coverage improves.
When rules overlap, results might vary depending on which rules you run:

- If a Pro rule exists, but you run only the overlapping CE rule, you might see more false positives than you would with the Pro rule.
- If you run both the Pro and the CE rules, you might see duplicate findings for the same underlying issue.
Identify findings from superseded rules
When more than one rule can match the same issue in the same code, Semgrep uses supersession relationships between rules to determine and recommend the preferred rule. In AppSec Platform, Semgrep marks findings from superseded rules with a badge on the Findings page and on each finding's Details page. Findings from the superseding (preferred) rule do not show an upgrade badge; findings from a superseded rule may. Click the badge to see the rule Semgrep recommends using instead. The following table summarizes the badges:

| Badge | Meaning |
|---|---|
| Pro | The finding is from a Pro rule. This label is separate from the Upgrade available badge below. |
| Pro rule available | The finding is from a CE rule, but Semgrep recommends a Pro rule for this use case. |
| Upgrade available | The finding is from a Pro rule, but Semgrep recommends a different Pro rule, such as a newer or narrower rule. The finding can also show the Pro badge. |
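The badges above exist only in AppSec Platform. If you run Semgrep from the CLI with both a CE rule and the overlapping Pro rule (the duplicate-findings case described earlier), `semgrep --json` simply reports every match, so it is useful to collapse overlapping findings yourself and to know which rule to recommend. The script below is an added example written for this page; it is not Semgrep's own code. It assumes a hand-built supersession map (`SUPERSEDED_BY`, superseded rule ID to recommended rule ID), which you would populate from the recommendations the badges link to, because the page does not say how supersession is exposed outside AppSec Platform. The rule IDs, the sample JSON, and the `.pro.`-in-the-ID convention used to tell Pro rules from CE rules are all placeholders constructed for the example. Only the `results[].check_id`, `path`, `start.line` and `end.line` fields of the Semgrep JSON output are used.

```python
import json
from collections import defaultdict

# Constructed sample of `semgrep --json` output (only the fields used here).
# The rule IDs are placeholders for this example, not rules from the Semgrep registry.
SAMPLE_OUTPUT = json.dumps({
    "results": [
        {"check_id": "example.ce.tainted-sql", "path": "app/db.py",
         "start": {"line": 12, "col": 5}, "end": {"line": 12, "col": 48},
         "extra": {"message": "CE rule: possible SQL injection"}},
        {"check_id": "example.pro.tainted-sql", "path": "app/db.py",
         "start": {"line": 12, "col": 5}, "end": {"line": 12, "col": 48},
         "extra": {"message": "Pro rule: tainted SQL string (interfile)"}},
        {"check_id": "example.pro.tainted-sql-v2", "path": "app/db.py",
         "start": {"line": 12, "col": 5}, "end": {"line": 12, "col": 48},
         "extra": {"message": "Pro rule v2: narrower tainted SQL check"}},
        {"check_id": "example.ce.tainted-sql", "path": "app/report.py",
         "start": {"line": 40, "col": 9}, "end": {"line": 40, "col": 60},
         "extra": {"message": "CE rule: possible SQL injection"}},
    ],
    "errors": [],
})

# Assumed supersession map: superseded rule -> rule Semgrep recommends instead.
# These relationships are hypothetical; in practice you would fill them in from
# the rules the "Pro rule available" / "Upgrade available" badges point to.
SUPERSEDED_BY = {
    "example.ce.tainted-sql": "example.pro.tainted-sql",
    "example.pro.tainted-sql": "example.pro.tainted-sql-v2",
}


def preferred_rule(check_id, superseded_by=SUPERSEDED_BY):
    """Follow the supersession chain to the rule Semgrep would recommend."""
    seen = set()  # guards against an accidental cycle in the map
    while check_id in superseded_by and check_id not in seen:
        seen.add(check_id)
        check_id = superseded_by[check_id]
    return check_id


def badge_for(check_id, superseded_by=SUPERSEDED_BY):
    """Name the AppSec Platform badge that would apply to this rule's findings.

    Assumed convention for this example: rule IDs containing ".pro." are Pro rules.
    """
    if check_id not in superseded_by:
        return None
    return "Upgrade available" if ".pro." in check_id else "Pro rule available"


def dedupe_findings(semgrep_json, superseded_by=SUPERSEDED_BY):
    """Collapse overlapping findings on the same code span, keeping the preferred rule.

    Findings are grouped by (path, start line, end line). Within a group, a finding is
    dropped when a rule further along its supersession chain also fired on that span.
    Returns (kept, dropped); each dropped entry records the rule that superseded it.
    """
    results = json.loads(semgrep_json)["results"]
    by_span = defaultdict(list)
    for r in results:
        by_span[(r["path"], r["start"]["line"], r["end"]["line"])].append(r)

    kept, dropped = [], []
    for group in by_span.values():
        present = {r["check_id"] for r in group}
        for r in group:
            cur, winner, seen = r["check_id"], None, set()
            while cur in superseded_by and cur not in seen:
                seen.add(cur)
                cur = superseded_by[cur]
                if cur in present:
                    winner = cur  # keep walking: prefer the most-upgraded rule present
            if winner is None:
                kept.append(r)
            else:
                dropped.append({"check_id": r["check_id"], "path": r["path"],
                                "line": r["start"]["line"], "superseded_by": winner})
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = dedupe_findings(SAMPLE_OUTPUT)
    for r in kept:
        badge = badge_for(r["check_id"])
        hint = f" [{badge}: use {preferred_rule(r['check_id'])}]" if badge else ""
        print(f"{r['path']}:{r['start']['line']} {r['check_id']}{hint}")
    for d in dropped:
        print(f"dropped {d['check_id']} at {d['path']}:{d['line']} (superseded by {d['superseded_by']})")
```

On the constructed sample, the three overlapping findings on `app/db.py:12` collapse to the single `example.pro.tainted-sql-v2` finding, while the CE finding on `app/report.py:40` is kept (no superseding rule fired there) and is flagged "Pro rule available" with the recommended rule, which is what the badge would show in AppSec Platform.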