Semgrep Summer ‘25 Release
Each quarter, we spotlight the most impactful Semgrep releases across Code, Supply Chain, and Secrets Detection to help you cut noise, find real risks, and keep your code secure.
What’s new this summer?
Plus, get a first look at what's coming. Whether you’re a longtime user or brand new to Semgrep, you’ll learn how to cut false positives, put AppSec on autopilot, scale security across every repo and team, and maximize coverage – right out of the box.
Imagine Zero False Positive AppSec
SEMGREP ASSISTANT
Assistant Memories (GA)
Memories turn manual triage into customization, and developer feedback into reusable context. They permanently reduce the number of irrelevant alerts developers and security folks see in the future. The result? A platform that gets closer to zero false positives every day you use it.
SEMGREP SUPPLY CHAIN
PHP Reachability Analysis (GA)
The industry's first reachability analysis for PHP, a server-side language used by over 70% of websites. Reachability determines whether your code actually uses a known-vulnerable dependency in a potentially exploitable way, rather than merely listing it in a lock file, and cuts vulnerability backlogs by 98%.
CVE Filtering in Supply Chain Policies (GA)
Supply Chain policies can now use specific CVEs as a condition, so PR comments for CVEs you have already assessed can be filtered out, reducing alert fatigue.
Put AppSec on Autopilot
SEMGREP SECRETS DETECTION
Memories for Generic Secrets
Generic secrets detection is useful, but it can be noisy. Assistant already filters out a lot of that noise by reasoning about which findings are truly sensitive. With Memories, you can capture organization-specific patterns so Assistant knows exactly what’s relevant in your environment.
SECURE VIBE CODING
Supply Chain in Semgrep MCP
Now the Semgrep MCP Server can pull dependency vulnerability scan results directly into AI-powered developer tools like Cursor, making bug bashing fast and preventing AI-assisted coding tools from introducing dependencies with known vulnerabilities.
Operationalize and Scale
SEMGREP APPSEC PLATFORM
Customizable PR/MR Comments
Customizable comment templates let teams include standardized information on every Semgrep PR or MR comment. Custom comments allow you to direct your teams to the resources they need to handle the vulnerabilities Semgrep identifies in their code.
SEMGREP SECRETS DETECTION
Slack Notifications for Secrets Findings
Now you can send Slack notifications for Secrets findings. Security and development teams can get instant alerts – helping them act faster and fix issues before they become risks. Customize your notification preferences based on severity and other factors.
Maximize Coverage
SEMGREP APPSEC PLATFORM
More Rules, More Coverage
We’re using GenAI to create a set of rules tailored to your code. Using information from your code base (e.g., libraries & packages), we’re able to generate highly customized rule packages. Customers in our private beta program are seeing significant increases in coverage: we’ve 10x’ed their Python rules and doubled library coverage.
Native Windows Support for CLI & IDE
Semgrep now runs natively on Windows without requiring WSL. Developers can install and use it directly from the CLI or in IDEs like VS Code, IntelliJ, and Cursor. Native Windows support makes AppSec faster and easier for the millions of developers who work on Windows every day. By removing setup hurdles, teams can start scanning code immediately, improve security coverage, and accelerate time-to-value.
SEMGREP SUPPLY CHAIN
Dependency Path for C# (NuGet) and Python (uv)
Get visibility into how dependencies, including transitive ones, are imported into your code, making it easier to prioritize and remediate direct and transitive dependencies.
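To make the two ideas above concrete (reachability, as described for PHP, and dependency paths for transitive dependencies), here is a small added example. It is not Semgrep's engine and does not reflect how Semgrep implements either feature; it is a toy triage script written for this page. The lock-file graph, the advisory (package acme/yaml-parser, class Acme\Yaml\Parser, method parseUnsafe) and the PHP snippets are all constructed, and no real CVE is involved. It walks the lock graph to find the path from the application to the affected package, then applies a crude text heuristic to decide whether first-party code ever calls the vulnerable method, which is the distinction that separates a "fix now" finding from an "installed but unreachable" one.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    package: str
    vulnerable_versions: frozenset  # exact affected versions (toy; real advisories use ranges)
    vulnerable_class: str           # fully qualified PHP class, e.g. "Acme\\Yaml\\Parser"
    vulnerable_method: str          # method whose call makes the bug reachable


# Constructed lock-file graph: package -> (installed version, its direct dependencies).
# "app" is the first-party project; acme/yaml-parser is only reachable via acme/http-client.
LOCK = {
    "app": ("1.0.0", ("acme/http-client", "acme/logger")),
    "acme/http-client": ("2.3.1", ("acme/yaml-parser",)),
    "acme/logger": ("1.1.0", ()),
    "acme/yaml-parser": ("0.9.2", ()),
}

# Hypothetical advisory (not a real CVE): acme/yaml-parser 0.9.2 has an unsafe
# deserialization bug that is only triggered through Parser::parseUnsafe().
ADVISORY = Advisory("acme/yaml-parser", frozenset({"0.9.2"}), "Acme\\Yaml\\Parser", "parseUnsafe")

# Constructed first-party PHP: one file hits the vulnerable method, the other does not.
REACHABLE_PHP = r'''<?php
use Acme\Yaml\Parser;
$cfg = (new Parser())->parseUnsafe(file_get_contents('php://input'));
'''
UNREACHABLE_PHP = r'''<?php
use Acme\Yaml\Parser as Y;
$cfg = (new Y())->parse(file_get_contents('config.yaml'));
'''


def dependency_paths(lock, root, target, _path=None):
    """Every path root -> ... -> target through the lock graph (depth-first, cycle-safe)."""
    path = (_path or ()) + (root,)
    if root == target:
        return [path]
    found = []
    for dep in lock[root][1]:
        if dep not in path:  # do not revisit a package already on this path
            found.extend(dependency_paths(lock, dep, target, path))
    return found


def vulnerable_version_installed(lock, adv):
    entry = lock.get(adv.package)
    return entry is not None and entry[0] in adv.vulnerable_versions


def local_aliases(php, fqcn):
    """Names the class is known by in this file: 'use A\\B\\C;' -> C, 'use A\\B\\C as D;' -> D."""
    pattern = re.compile(r'^\s*use\s+' + re.escape(fqcn) + r'(?:\s+as\s+(\w+))?\s*;', re.M)
    return {m.group(1) or fqcn.rsplit("\\", 1)[-1] for m in pattern.finditer(php)}


def calls_vulnerable_method(php, adv):
    """Toy reachability heuristic: the class is imported and used, and the method name is called."""
    aliases = local_aliases(php, adv.vulnerable_class)
    if not aliases:
        return False
    alias_re = "|".join(map(re.escape, aliases))
    used = re.search(r'\bnew\s+(?:' + alias_re + r')\b', php) or re.search(r'\b(?:' + alias_re + r')::', php)
    called = re.search(r'(?:->|::)\s*' + re.escape(adv.vulnerable_method) + r'\s*\(', php)
    return bool(used and called)


def triage(lock, adv, sources, root="app"):
    """Combine version check, dependency path and reachability into one verdict."""
    installed = vulnerable_version_installed(lock, adv)
    paths = dependency_paths(lock, root, adv.package) if installed else []
    reachable = installed and any(calls_vulnerable_method(src, adv) for src in sources)
    if not installed:
        verdict = "not affected"
    elif reachable:
        verdict = "reachable: fix now"
    else:
        verdict = "unreachable: low priority"
    return {
        "installed": installed,
        "paths": paths,
        "direct": any(len(p) == 2 for p in paths),  # root -> package with nothing in between
        "reachable": reachable,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, src in (("reachable", REACHABLE_PHP), ("unreachable", UNREACHABLE_PHP)):
        print(label, triage(LOCK, ADVISORY, [src]))
```

The dependency-path output tells you where to fix (here, bump acme/http-client so it pulls a patched acme/yaml-parser, because the application does not depend on the parser directly), while the reachability result tells you whether to fix first. A real engine resolves calls through the parsed AST and across files rather than by regex, so treat this script as an illustration of the decision, not as a detector.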