Products
- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Find and fix reachable dependency vulnerabilities (SCA)
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep Assistant
  Get triage and code fix recommendations from AI
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Pro Engine
  Find more true positives and fewer false positives with dataflow analysis
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
Solutions
- Software supply chain security
  Mitigate software supply chain risks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
Resources
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
Company
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Supercharge Semgrep OSS Capabilities

Semgrep Pro Engine

Advanced code analysis with interfile capabilities and enterprise language support

Cross-file analysis Cross-function analysis Additional advanced analysis

Analyze code across files

Pro Engine uses advanced dataflow analysis to reduce the number of false positives and discover new true positives across files.

Interfile analysis is available for C, C++, Golang, Java, Kotlin, and JavaScript/TypeScript.

Learn more

Analyze code across function boundaries

Pro Engine provides interprocedural analysis, including dataflow analysis methods such as taint analysis, constant propagation, and typed metavariables.

Interprocedural analysis is available for all languages supported by Semgrep and is currently experimental.

Support for enterprise languages

In addition to all the languages supported by Semgrep OSS Engine, Pro Engine also supports enterprise languages such as Apex.

Find deeper issues with more accuracy

Discover more true positives: advanced code analysis helps uncover more complex vulnerabilities across files and procedures.
Reduce false positives: dataflow analysis features such as taint-tracking can, for example, see whether tainted user inputs are able to reach an unsafe SQL statement via a long chain of function calls.

See Pro Engine in action

Works without compiled code

Easily scan your code and avoid rollout and management headaches.
Scan more rapidly than other advanced analysis tools.

Why we developed Pro Engine

Easily write and customize rules

Rule syntax is very similar to the source code itself -> no need to understand abstract syntax trees or learn a domain-specific language.
For interfile analysis, Golang, Java, JavaScript, Kotlin, and TypeScript are supported.
For interprocedural analysis, 30+ languages are supported.

Documentation

Semgrep Pro Engine

Analyze code across files

Analyze code across function boundaries

Support for enterprise languages

Learn more about the Pro Engine

Announcing Semgrep’s support for Go in Pro Engine

The birth of Semgrep Pro Engine

Announcing Semgrep Code: SAST designed and built for engineers