semgrep has 36.8M monthly downloads and 16K GitHub stars. Version 1.168.0 supports Python 3.10+, first published in 2020.
It is actively maintained under a copyleft license, last released in Jun 2026.
It is built on top of attrs, boltons and click. It is used by 68 tracked packages, including codeshield, njsscan and mobsfscan.
GitHub topics include static-analysis, static-code-analysis and java.
Package Insights
((week_daily_avg - month_daily_avg) / month_daily_avg) * 100Weekly Downloads
GitHub Stars
Downloads by OS
Python Versions
Top Countries
Dependencies
- attrs >=21.3
- boltons ~=21.0
- click ~=8.1.8
- click-option-group ~=0.5
- colorama ~=0.4.0
- exceptiongroup ~=1.2.0
- glom >=23.3
- jsonschema ~=4.25.1
- mcp ==1.23.3
- opentelemetry-api ~=1.37.0
- opentelemetry-exporter-otlp-proto-http ~=1.37.0
- opentelemetry-instrumentation-requests ~=0.58b0
- opentelemetry-instrumentation-threading ~=0.58b0
- opentelemetry-sdk ~=1.37.0
- packaging >=21.0
- peewee ~=3.14
- pyjwt ~=2.13.0
- pywin32 ==311
- requests ~=2.22
- rich >=13.5.2
- ruamel-yaml >=0.18.15
- ruamel-yaml-clib ==0.2.15
- semantic-version ~=2.10.0
- tomli ~=2.4.0
- typing-extensions ~=4.2
- urllib3 ~=2.0
- wcmatch ~=8.3
Used By
- codeshield
- njsscan
- mobsfscan
- whispers
- semgrep-mcp
- pyfltr
- adversary-mcp-server
- bug-hunter-cli
- qappuccinolibrary
- ai-red-teaming-engine
- mergeguide
- hikaflow
- techlens-agent
- aion-evolve
- constraints-registry
- mcpsec
- vcsp-guard
- code-audit-23
- repotoire
- appsec-discovery
- tythanai-community
- yobitsugi
- verinfast
- vibe-check-cli
- trusys-llm-scan
- sentinel-sec
- redcodegen
- route-detect
- reqdonkey
- moss-pqc
- codesecure-core
- autofic-core
- vexa-core
- crossbow-agent
- patched-cli
- cryptohound
- praevisio
- cagged
- glint-linter
- a-piece-of-shit
- qodacode
- plone-codemod
- napalm-toolbox
- pragmatiks-lint
- malware-detector-py
- shieldbot-mcp
- vulnerability-scanner
- iflow-mcp-aws-samples-security-scanner-mcp-server
- privlog
- repopeel