- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Find and fix reachable dependency vulnerabilities (SCA)
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep Assistant
  Get triage and code fix recommendations from AI
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Pro Engine
  Find more true positives and fewer false positives with dataflow analysis
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
- Software supply chain security
  Mitigate software supply chain risks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Pricing

Feel secure about our pricing

We make it expensive to exploit software, not to secure it.

Community Edition

The most popular open-source SAST engine on GitHub — trusted by millions of developers worldwide.

Open-source

Free

Highlights

Community-driven security rules
Community support
DIY CI/CD code scanning

Teams

Extensible app security for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility.

Starting at

$35 / month per contributor

Highlights

Choose from SAST, SCA, and Secrets Detection
Pro Rules and cross-file analysis
AI Assistant
Award-winning support
One-click deploy
Single sign-on (SSO)

Enterprise

Built for impact. Get the same powerful AppSec platform as Teams — plus white glove onboarding, dedicated support, roadmap access, and a team deeply invested in your success.

Custom

$50 / month per contributer

Everything in Teams, plus

Dedicated account manager
Tailored onboarding
Volume pricing
Roadmap visibility and influence
Early access to the latest features
Priority support for fast resolution

Compare Plans

See the difference in features

Community Edition

Free

Teams

$35 / month per contributor

Enterprise

$50 / month per contributor

Community Edition

Free

Teams

$35 / month per contributor

Enterprise

$50 / month per contributor

Code (SAST)

Static Code Analysis engine

Community Edition

Pro Engine

Unlimited

Security Rule Sets

Community Rules

Pro Rules

Unlimited

Supported Languages

$35

$50

Custom Rules

GitHub / GitLab

GitHub / GitLab / OIDC + SAM

Cross-file Analysis

Dataflow Taint Analysis

Team License

$40 / month per contributor

Supply Chain (SCA)

Software Composition Analysis

Lockfile and Code Scanning

Reachability Analysis

Malicious Dependency Detection

Exploit Prediction Scoring System (EPSS)

SBOM Generation

License Compliance Checking

Dependency Search

Team License

$40 / month per contributor

Secrets Detection

Semantic Analysis

Entropy Analysis

Secret Validation

Pre-Commit Hook

Historical Scanning (Beta)

Team License

$20 / month per contributor

Semgrep Assistant (AI)

Remediation Guidance

Upgrade Guidance

Auto-triage

Auto-fix

Memories

Custom AI Model Provider

Source Code Management (SCM)

Public Repositories

Unlimited

Private Repositories

Unlimited

Monorepo Support

GitHub, GitLab, Bitbucket, Azure

Distributed Scans

Self-managed Repositories

Workflow Integrations / SDLC

CLI

CI/CD Integration

One Click

PR/MR Integration

IDE Plugins: VS Code, Jetbrains

Slack, Email

Jira Ticketing

Wiz Integration

REST API

Security & Compliance

Policy Engine

Single Sign-on (SSO)

Role-based Access Control (RBAC)

Support

Support Type

Community

Award-Winning

Training & Onboarding

Documentation

Semgrep Academy, Documentation

Dedicated Account Manager

FAQS

Frequently Asked Questions (FAQs)

How are contributors counted?

A contributor is someone who made a commit to your organization's private repository scanned by Semgrep in the past 90 days.

Is there special pricing for security consultants?

Many of us were security consultants in our previous roles. To inquire about using Semgrep in your consulting work, please contact us.

Is there special pricing for early stage startups?

Yes, and we love startups. To get access to special pricing, please contact us.

Is private source code shared with Semgrep, Inc?

No. Semgrep runs either locally or fully in your CI pipeline, and your source code never leaves your computer or your CI environment. Only meta-data related to Semgrep runs (see docs) are sent to Semgrep's service.

If you opt-in to Semgrep Assistant, Semgrep’s automated recommendations for triage and code remediation assisted by GPT-4, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training their models.

If you opt-in to Semgrep Managed Scans, allowing onboarding of repositories and their scanning without the need for per-project provisioning, then Semgrep’s service clones your repository at the beginning of every scan. Once the scan completes, the clone is destroyed and is not persisted anywhere.

What are private and pro rules?

Users in the Teams and Enterprise tiers for Semgrep can publish rules to the Semgrep Registry as Private rules that are not visible to others outside their organization. The private rules enable you to hide code-sensitive information or legal requirements that prevent you from using a public registry.

Pro rules are proprietary rules written by our security research team with the goal to provide a set of supported rules with improved coverage (across languages and vulnerability types), leveraging the latest Semgrep features, and providing high-confidence results.

Need something custom?

Ask us about our Enterprise tier, including customized support plans and feature development.

Your privacy matters to us. By submitting this form, you agree to our Privacy Policy