Semgrep findings are review signals, not proof that code is safe or unsafe. False positives and false negatives need human triage., Semgrep Community Edition has more limited analysis than the Semgrep AppSec Platform for security use cases, so high-risk release gates should account for that limitation., Custom rules can be noisy or overly broad. Test rules on representative code before enforcing them in CI, hooks, or agent-managed review workflows., Secrets and dependency findings can include sensitive values, package paths, or vulnerable code snippets, so reports and PR comments need careful handling., Do not let automated Semgrep results directly trigger production deploys, dependency upgrades, or irreversible changes without owner review.
Privacy notes
Semgrep scans source code, file paths, dependency manifests, lockfiles, comments, generated code, and rule matches in the selected project scope., The upstream README says Semgrep analyzes code locally by default and code is not uploaded, while platform workflows send findings for triage and reporting., Findings, SARIF, JSON output, CI logs, dashboard records, and PR comments can include file paths, code snippets, dependency names, rule IDs, and suspected secrets., Docker-based scans mount local source directories into the Semgrep container, so review volume paths and CI workspace scope before scanning private repositories., Logged-in platform scans, Semgrep Assistant, managed scans, and organization policies create additional hosted data and access-control considerations.
Author
Semgrep
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
5 safety and 5 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.
5 areas
SafetyGeneralSemgrep findings are review signals, not proof that code is safe or unsafe. False positives and false negatives need human triage.
SafetyGeneralSemgrep Community Edition has more limited analysis than the Semgrep AppSec Platform for security use cases, so high-risk release gates should account for that limitation.
SafetyGeneralCustom rules can be noisy or overly broad. Test rules on representative code before enforcing them in CI, hooks, or agent-managed review workflows.
SafetyCredentials & tokensSecrets and dependency findings can include sensitive values, package paths, or vulnerable code snippets, so reports and PR comments need careful handling.
SafetyGeneralDo not let automated Semgrep results directly trigger production deploys, dependency upgrades, or irreversible changes without owner review.
PrivacyPermissions & scopesSemgrep scans source code, file paths, dependency manifests, lockfiles, comments, generated code, and rule matches in the selected project scope.
PrivacyNetwork accessThe upstream README says Semgrep analyzes code locally by default and code is not uploaded, while platform workflows send findings for triage and reporting.
PrivacyCredentials & tokensFindings, SARIF, JSON output, CI logs, dashboard records, and PR comments can include file paths, code snippets, dependency names, rule IDs, and suspected secrets.
PrivacyPermissions & scopesDocker-based scans mount local source directories into the Semgrep container, so review volume paths and CI workspace scope before scanning private repositories.
PrivacyData retentionLogged-in platform scans, Semgrep Assistant, managed scans, and organization policies create additional hosted data and access-control considerations.
Disclosure: editorial
Safety notes
Semgrep findings are review signals, not proof that code is safe or unsafe. False positives and false negatives need human triage.
Semgrep Community Edition has more limited analysis than the Semgrep AppSec Platform for security use cases, so high-risk release gates should account for that limitation.
Custom rules can be noisy or overly broad. Test rules on representative code before enforcing them in CI, hooks, or agent-managed review workflows.
Secrets and dependency findings can include sensitive values, package paths, or vulnerable code snippets, so reports and PR comments need careful handling.
Do not let automated Semgrep results directly trigger production deploys, dependency upgrades, or irreversible changes without owner review.
Privacy notes
Semgrep scans source code, file paths, dependency manifests, lockfiles, comments, generated code, and rule matches in the selected project scope.
The upstream README says Semgrep analyzes code locally by default and code is not uploaded, while platform workflows send findings for triage and reporting.
Findings, SARIF, JSON output, CI logs, dashboard records, and PR comments can include file paths, code snippets, dependency names, rule IDs, and suspected secrets.
Docker-based scans mount local source directories into the Semgrep container, so review volume paths and CI workspace scope before scanning private repositories.
Logged-in platform scans, Semgrep Assistant, managed scans, and organization policies create additional hosted data and access-control considerations.
Prerequisites
Repository, folder, or CI workspace that you are authorized to scan.
Semgrep CLI installed through Homebrew, pipx, uv, Docker, or another official setup path.
Python 3.10 or later when using the native CLI installation path.
Reviewed rule selection, ignore policy, baseline policy, and triage owner for security, bug, dependency, and secrets findings.
Semgrep account and token when using Semgrep AppSec Platform, managed scans, or `semgrep ci` with hosted findings.
## Editorial notes
Semgrep is useful when Claude or an engineering agent is reviewing code that may need static security checks, custom organization rules, or repeatable CI guardrails. Its rule syntax looks like source code, which makes it easier to author targeted checks for project-specific bug patterns than raw grep or broad lint rules.
This is distinct from the existing Gitleaks tools entry and the security hook content that mentions Semgrep. Gitleaks is focused on secret scanning. Existing hooks and agents show Semgrep as one possible command inside broader Claude workflows. This entry is the dedicated Semgrep listing for the actual static analysis CLI and AppSec Platform.
## Source notes
- The official docs describe Semgrep as a platform for SAST, software composition analysis, and secrets scans, with custom rules for enforcing organization coding standards.
- The quickstart documents Python 3.10+, Homebrew, pipx, uv, Docker installation paths, `semgrep login`, `semgrep ci`, and `semgrep scan` for local CLI use without a GitHub or GitLab account.
- The docs and README list broad language support for Semgrep Code, Supply Chain reachability, and language-agnostic secrets detection.
- The README says Semgrep analyzes code locally by default and that code is not uploaded, while findings can be sent to the Semgrep AppSec Platform.
- The GitHub repository is `semgrep/semgrep`, is LGPL-2.1 licensed, and describes the project as lightweight static analysis for many languages using patterns that look like source code.
## Duplicate check
Checked current `content/tools/`, `content/mcp/`, agents, hooks, rules, skills, commands, open pull requests, live issue state, and repository-wide content for `Semgrep`, `semgrep.dev`, `github.com/semgrep/semgrep`, `static analysis`, `SAST`, `custom rules`, `code scanning`, `Semgrep AppSec Platform`, and `semgrep ci`. Existing files mention Semgrep inside broader security agents, hooks, or auditor rules, and Gitleaks already covers secret scanning, but no dedicated Semgrep tools entry, Semgrep source URL duplicate, or open duplicate PR was found.
## Disclosure
Editorial listing. No paid placement or affiliate link is used.
About this resource
Editorial notes
Semgrep is useful when Claude or an engineering agent is reviewing code that may need static security checks, custom organization rules, or repeatable CI guardrails. Its rule syntax looks like source code, which makes it easier to author targeted checks for project-specific bug patterns than raw grep or broad lint rules.
This is distinct from the existing Gitleaks tools entry and the security hook content that mentions Semgrep. Gitleaks is focused on secret scanning. Existing hooks and agents show Semgrep as one possible command inside broader Claude workflows. This entry is the dedicated Semgrep listing for the actual static analysis CLI and AppSec Platform.
Source notes
The official docs describe Semgrep as a platform for SAST, software composition analysis, and secrets scans, with custom rules for enforcing organization coding standards.
The quickstart documents Python 3.10+, Homebrew, pipx, uv, Docker installation paths, semgrep login, semgrep ci, and semgrep scan for local CLI use without a GitHub or GitLab account.
The docs and README list broad language support for Semgrep Code, Supply Chain reachability, and language-agnostic secrets detection.
The README says Semgrep analyzes code locally by default and that code is not uploaded, while findings can be sent to the Semgrep AppSec Platform.
The GitHub repository is semgrep/semgrep, is LGPL-2.1 licensed, and describes the project as lightweight static analysis for many languages using patterns that look like source code.
Duplicate check
Checked current content/tools/, content/mcp/, agents, hooks, rules, skills, commands, open pull requests, live issue state, and repository-wide content for Semgrep, semgrep.dev, github.com/semgrep/semgrep, static analysis, SAST, custom rules, code scanning, Semgrep AppSec Platform, and semgrep ci. Existing files mention Semgrep inside broader security agents, hooks, or auditor rules, and Gitleaks already covers secret scanning, but no dedicated Semgrep tools entry, Semgrep source URL duplicate, or open duplicate PR was found.
Disclosure
Editorial listing. No paid placement or affiliate link is used.
Apache-2.0 security scanner from NVIDIA for AI agent skills, with static pattern checks, optional LLM semantic analysis, MCP least-privilege and tool poisoning analyzers, OSV.dev vulnerability lookups, risk scoring, and terminal, JSON, Markdown, and SARIF reports.
✓Semgrep findings are review signals, not proof that code is safe or unsafe. False positives and false negatives need human triage.
Semgrep Community Edition has more limited analysis than the Semgrep AppSec Platform for security use cases, so high-risk release gates should account for that limitation.
Custom rules can be noisy or overly broad. Test rules on representative code before enforcing them in CI, hooks, or agent-managed review workflows.
Secrets and dependency findings can include sensitive values, package paths, or vulnerable code snippets, so reports and PR comments need careful handling.
Do not let automated Semgrep results directly trigger production deploys, dependency upgrades, or irreversible changes without owner review.
✓Gitleaks can scan git history and large directories, so scope scans intentionally and use baselines for noisy legacy repositories.
Findings may include real active credentials; treat reports, CI logs, and exported SARIF or JSON artifacts as sensitive.
The upstream README states Gitleaks is feature complete and future releases are expected to be security patches only.
✓SkillSpector is a scanner, not a sandbox. Scanning a Git URL clones code, scanning a URL downloads content, and scanning a zip extracts it; review untrusted inputs in a disposable workspace or container.
Use `--no-llm` when skill contents should not be sent to an external model provider for semantic analysis.
LLM-based findings are useful triage signals but should not be treated as formal proof that a skill is safe or malicious.
SARIF, JSON, Markdown, and terminal reports can include file paths, snippets, tool names, dependency names, vulnerability IDs, and recommendations; handle reports as security-sensitive artifacts.
OSV.dev live lookups send dependency package names and versions to the public OSV API, with fallback behavior documented for offline or failed requests.
The README classifies the project as useful before installing skills, but operators should still review scripts, permissions, MCP tools, network access, and installer commands manually.
✓ast-grep can rewrite many files quickly, so run searches, tests, and version-control review before applying broad fixes.
Structural patterns can still overmatch when rules are too broad; use narrow language settings, test cases, and staged changes for codemods.
Custom YAML rules and scripts should be reviewed before use in CI or automated agent workflows.
Privacy notes
✓Semgrep scans source code, file paths, dependency manifests, lockfiles, comments, generated code, and rule matches in the selected project scope.
The upstream README says Semgrep analyzes code locally by default and code is not uploaded, while platform workflows send findings for triage and reporting.
Findings, SARIF, JSON output, CI logs, dashboard records, and PR comments can include file paths, code snippets, dependency names, rule IDs, and suspected secrets.
Docker-based scans mount local source directories into the Semgrep container, so review volume paths and CI workspace scope before scanning private repositories.
Logged-in platform scans, Semgrep Assistant, managed scans, and organization policies create additional hosted data and access-control considerations.
✓Scans inspect repository contents, file contents, commit metadata, and streamed input for credential-like strings.
Report files and verbose logs can contain secret values unless redaction and artifact retention are configured carefully.
CI integrations may expose findings to workflow logs, code-scanning systems, or third-party build infrastructure.
✓SkillSpector can read skill manifests, source files, scripts, dependencies, local paths, raw URLs, Git clone contents, zip contents, and generated report outputs.
Optional LLM analysis may send skill content, code excerpts, metadata, and findings to the configured model provider or OpenAI-compatible endpoint.
LangGraph/LangChain-related runtime configuration and any enabled tracing can record scan metadata depending on the local environment variables.
Do not scan private skills, customer code, secrets, proprietary prompts, credentials, or regulated data with LLM analysis enabled unless that data flow is approved.
✓ast-grep primarily runs locally over source files and does not require uploading code to a hosted service for normal CLI use.
Search results, JSON output, logs, CI artifacts, and generated patches may expose source snippets or proprietary code.
Any package manager, editor extension, CI integration, or third-party wrapper around ast-grep may have its own telemetry or network behavior.
Prerequisites
Repository, folder, or CI workspace that you are authorized to scan.
Semgrep CLI installed through Homebrew, pipx, uv, Docker, or another official setup path.
Python 3.10 or later when using the native CLI installation path.
Reviewed rule selection, ignore policy, baseline policy, and triage owner for security, bug, dependency, and secrets findings.
A repository, directory, file, or stdin stream that you are authorized to scan.
Gitleaks installed through Homebrew, Docker, Go, a release binary, pre-commit, or the official GitHub Action.
A plan for handling findings, baselines, and allowed test credentials without exposing real secrets in reports.
Python 3.12 or newer and a virtual environment, or Docker if building the included container image.
Git when scanning remote repositories or installing from the source repository.
A local skill directory, single `SKILL.md`, zip archive, raw file URL, or Git repository URL to scan.
Provider credentials only if enabling optional LLM semantic analysis with OpenAI, Anthropic, NVIDIA build, or an OpenAI-compatible local endpoint.
Local source checkout for the codebase being searched, linted, or rewritten.
ast-grep CLI installed from a reviewed package source such as npm, pip, cargo, Homebrew, Scoop, mise, MacPorts, or a source build.
Language selection and rule patterns reviewed against representative files before large repository scans or rewrites.
Install
—
—
git clone https://github.com/NVIDIA/SkillSpector.git && cd SkillSpector && make install