Semgrep

Semgrep Inc. develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool Semgrep OSS.

Semgrep has stable support for over 30 languages including C#, C, C++, Go, Java, JavaScript, JSON, Python, PHP, Ruby, and Scala.[6]

Semgrep rules are similar to source code and do not require knowledge of a domain-specific language to write.[7]

Semgrep was based on sgrep, an open-source part of pfff, a program analysis library developed at Facebook in 2009.

Analysis can be run without custom configuration by using rulesets created by Semgrep Inc. and open-source contributors.
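
To illustrate the point that rules read like the code they match, here is an added example of a custom rule. It is not taken from the Semgrep project or its rulesets, and the rule id, message wording and metadata are made up for illustration. It flags Python `subprocess` calls that pass a non-literal command with `shell=True`.

```yaml
rules:
  - id: example-subprocess-shell-true-nonliteral   # hypothetical id
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is called with shell=True and a command that is not a
      string literal. If any part of $CMD comes from user input this allows
      OS command injection. Pass an argument list and drop shell=True.
    metadata:
      cwe: "CWE-78"
    patterns:
      # The pattern is ordinary Python with two additions:
      #   $FUNC / $CMD  metavariables that bind to whatever appears there
      #   ...           ellipsis that matches zero or more arguments
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      # Restrict $FUNC to the process-spawning helpers.
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(run|call|check_call|check_output|Popen)$
      # Exclude constant commands: "..." matches any string literal.
      - pattern-not: subprocess.$FUNC("...", ...)

# Constructed target code and the expected outcome:
#
#   subprocess.run("ls -l /tmp", shell=True)        # not reported (literal)
#   subprocess.run(["ls", "-l", path])              # not reported (no shell)
#   subprocess.run("ls -l " + path, shell=True)     # reported
#   subprocess.check_output(f"id {user}", shell=True)  # reported
```

Saved as a file, the rule can be run against a source tree with `semgrep --config <rule-file> <path>`.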