Service

Semgrep

Readiness Level
Intermediate

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Description

Semgrep OSS is an open-source static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time. It supports over 30 programming languages and analyzes code locally on your computer or in your build environment, without uploading source code anywhere.
