Semgrep

Lightweight static analysis for many languages.

Semgrep speeds up security review by quickly scanning code and package dependencies for known issues, software vulnerabilities, and hard-coded secrets. Semgrep offers:
- Code to find bugs & vulnerabilities using custom or pre-built rules
- Supply Chain to find dependencies with known vulnerabilities
- Secrets to find hard-coded credentials that shouldn't be checked into source code

Semgrep analyzes code locally on your computer or in your build environment: by default, code is never uploaded.
Semgrep Code supports 30+ languages and Semgrep Supply Chain supports 8 languages across 15 package managers.
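The custom rules mentioned above are plain YAML. The rule below is an added example written for this page, not one of the Semgrep project's own registry rules: it flags a string literal assigned to a credential-looking Python variable, which is the kind of hard-coded secret the Secrets product looks for. The rule id, message and metadata values are assumptions chosen for illustration.

```yaml
# Constructed example rule (not from the Semgrep registry).
# Run with:  semgrep --config hardcoded-secret.yaml .
#
# Matches, e.g.:
#   api_key = "sk-live-example-placeholder"
# Does not match:
#   api_key = os.environ["API_KEY"]
#   api_key = ""
rules:
  - id: hardcoded-secret-assignment
    languages: [python]
    severity: ERROR
    message: >-
      Possible hard-coded credential assigned to $VAR. Load secrets from the
      environment or a secrets manager instead of committing them to source.
    metadata:
      category: security
      cwe: "CWE-798: Use of Hard-coded Credentials"
    patterns:
      # Any assignment of a string literal to a variable ("..." is Semgrep's
      # wildcard for any string literal).
      - pattern: $VAR = "..."
      # ...where the variable name looks like a credential.
      - metavariable-regex:
          metavariable: $VAR
          regex: (?i).*(password|passwd|secret|api_key|apikey|token).*
      # Ignore empty placeholders that will be filled in at runtime.
      - pattern-not: $VAR = ""
```

Because the rule is pattern-based rather than regex-over-text, it matches the assignment regardless of whitespace, quoting style or surrounding code, and the `pattern-not` clause shows how false positives are pruned in the same rule.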