Semgrep Code and CE
Semgrep CE is a fast, lightweight program analysis tool that can help you detect bugs in your code. It makes use of Semgrep’s LGPL 2.1 open source engine. Its languages are supported by the Semgrep community on a best-effort basis.

Semgrep Code is a static application security testing (SAST) solution designed to detect complex security vulnerabilities. It makes use of proprietary Semgrep analyses, such as cross-file (interfile) dataflow analysis and framework-specific analyses, in addition to Semgrep CE. This results in a higher true positive rate than Semgrep CE. Semgrep Code provides the highest quality support by the Semgrep team: reported issues are resolved promptly.

Use either tool to scan local code or integrate it into your CI/CD pipeline to automate the continuous scanning of your repositories.

| Languages | 🚀 Semgrep Code: Free for small teams | Semgrep CE |
|---|---|---|
| C / C++ | Generally available • Cross-file dataflow analysis • 150+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| C# | Generally available • Cross-file dataflow analysis • Supports up to C# 13 • 170+ Pro rules | Community supported • Limited to single-function analysis • Community rules • Supports up to C# 7.0 |
| Go | Generally available • Cross-file dataflow analysis • 80+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Java | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 190+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| JavaScript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 250+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Kotlin | Generally available • Cross-file dataflow analysis • 60+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Python | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 710+ Pro rules • See Python-specific support details | Community supported • Limited to single-function analysis • Community rules |
| TypeScript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 230+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Ruby | Generally available • Cross-function dataflow analysis • 40+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Rust | Generally available • Cross-function dataflow analysis • 40+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| JSX | Generally available • Cross-function dataflow analysis • 70+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| PHP | Generally available • Cross-function dataflow analysis • 50+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Scala | Generally available • Cross-function dataflow analysis • Community rules | Community supported • Limited to single-function analysis • Community rules |
| Swift | Generally available • Cross-function dataflow analysis • 60+ Pro rules | Community supported • Limited to single-function analysis • Community rules |
| Terraform | Generally available • Cross-function dataflow analysis • Community rules | Community supported • Limited to single-function analysis • Community rules |
| Generic | Generally available | Community supported |
| JSON | Generally available | Community supported |
| APEX | Beta | Not available |
| Elixir | Beta | Not available |

Experimental languages:

- Bash
- Cairo
- Circom
- Clojure
- Dockerfile
- Hack
- HTML
- Jsonnet
- Julia
- Lisp
- Lua
- Move on Aptos
- Move on Sui
- OCaml
- R
- Scheme
- Solidity
- YAML
- XML
Language maturity definitions
Semgrep Code languages can be classified into four maturity levels:

- Generally available (GA)
- Beta
- Experimental
- Community supported*

| Feature | GA | Beta | Experimental | Community supported |
|---|---|---|---|---|
| Support | Highest quality support by the Semgrep team. Reported issues are resolved promptly. | Supported by the Semgrep team. Reported issues are fixed after GA languages. | There are limitations to this language’s functionality. Reported issues are tracked and prioritized with best effort. | These languages are supported by the Semgrep community. While Semgrep may develop rules or engine updates for these languages, they are not prioritized. |
| Parse Rate | 99%+ | 95%+ | 90%+ | 90%+ |
| Number of Pro rules | 10+ | 5+ | 0+. Query the Registry to see if any rules exist for your language. | 0+. Query the Registry to see if any rules exist for your language. |
| Semgrep syntax | Regex, equivalence, deep expression operators, types and typing. All features supported in Beta. | Complete metavariable support, metavariable equality. All features supported in Experimental. | Syntax, ellipsis operator, basic metavariable functionality. | Syntax, ellipsis operator, basic metavariable functionality. |