Opengrep - The open-source code security engine
We’re launching Opengrep, a fork of Semgrep CE (formerly Semgrep OSS), in response to recent changes by Semgrep that affect its open-source nature: removing critical features of the scanning engine behind a commercial license, effectively kneecapping its use, and limiting access and progress for the broader community. The key features removed from the open-source engine include language support, tracking ignores, fingerprint, and meta-variables, amongst others.
Our mission with Opengrep is simple: build the most advanced static analysis engine, fully open-source.
We’re investing for the long term with a strong roadmap for impactful new features. We will commoditize and advance Static Application Security Testing (SAST).
Your value
For users, Opengrep means:
- A better and more capable scanning engine that does not hide essential metadata and new scanning capabilities behind a login. Opengrep will be backward compatible and support common JSON and SARIF outputs, enabling you to adopt and integrate Opengrep into your workflows.
- An improved engine enabling more powerful analyses. Opengrep will unlock previously pro-only capabilities, including inter-procedural (cross-function) analysis, cross-file analysis, Windows support, extended language support, and more.
- Long-term assurance that future improvements and features won’t be locked into specific vendors.
- Your contributions to Opengrep and PRs are regularly reviewed and accepted on merit, not contingent upon the commercial interest of any single company.
We invite everyone who shares this mission to use and contribute to Opengrep.
Our mission
By working together, we can pool resources, OCaml development power, and expertise to advance static code analysis further and faster.
This is why a consortium of 10+ organizations in the application security space, including Aikido Security, Arnica, Amplify, Endor Labs, Jit, Kodem, Legit, Mobb, Orca Security, Phoenix Security, and others have united behind Opengrep.
There is a full-time development team building Opengrep. Each organization contributes resources or OCaml development power to build the Opengrep engine for the benefit and free use of all. To further guarantee Opengrep’s open future, parties have committed to a timeframe to move Opengrep under foundation management.
Follow the Opengrep calendar & join the open roadmap sessions, get involved, and weigh in on the roadmap.
Getting Started
- github.com/opengrep/opengrep - Install, run, or contribute to the Opengrep CLI.
Social channels
We encourage community-driven conversations via X, Reddit or GitHub. Join meetings via the Opengrep calendar.