The Semgrep analyzer performs Static Application Security Testing (SAST) scanning on repositories. It supports 30+ languages, including:
Apex · Bash · C · C++ · C# · Clojure · Dart · Dockerfile · Elixir · HTML · Go · Java · JavaScript · JSX · JSON · Julia · Jsonnet · Kotlin · Lisp · Lua · OCaml · PHP · Python · R · Ruby · Rust · Scala · Scheme · Solidity · Swift · Terraform · TypeScript · TSX · YAML · XML · Generic (ERB, Jinja, etc.)
For more information, see Supported languages.
The analyzer wraps Semgrep and is written in Go. It uses the shared analyzer package.
This code is distributed under the BSD-3-Clause license.