Semgrep Alternatives

Semgrep is described as 'Fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or' and is an app in the security & privacy category. There are more than 25 alternatives to Semgrep for a variety of platforms, including Windows, Web-based, Linux, SaaS and Mac apps. The best Semgrep alternative is SonarQube, which is both free and Open Source. Other great apps like Semgrep are Codacy, Shellcheck, Cppcheck and Coverity Scan.


Alternatives list

  1. SonarQube (27 likes)

    SonarQube is an open source quality management platform dedicated to continuously analyzing and measuring source code quality, from the portfolio down to the method. Static code analysis is available in the "Community Edition" (free / open source) for:


    Cost / License

    • Freemium (Subscription)
    • Open Source (LGPL-3.0)

    Platforms

    • Mac
    • Windows
    • Linux
    • Online
     
    • SonarQube is the most popular Web-based, Windows, Mac & Linux alternative to Semgrep.

    • SonarQube is the most popular Open Source & free alternative to Semgrep.

    • SonarQube is Freemium and Open Source; Semgrep is also Freemium and Open Source.
  2. Codacy (25 likes)

    Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.

    Cost / License

    • Free Personal
    • Open Source

    Platforms

    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
     
    • Codacy is the most popular SaaS & Self-Hosted alternative to Semgrep.

    • Codacy is Free Personal and Open Source; Semgrep is Freemium and Open Source.
  3. Shellcheck (5 likes)

    A simple tool for finding bugs in shell scripts.

    Cost / License

    Platforms

    • Online
    • Visual Studio Code
    • Vim
    • Sublime Text
    • GNU Emacs
    • Atom
     
  4. Cppcheck (23 likes)

    Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that compilers normally do not detect.

    Cost / License

    Platforms

    • Windows
    • Linux
    • PortableApps.com
    • Eclipse
     
  5. Coverity Scan (4 likes)

    Coverity Scan Static Analysis lets you find and fix defects in your Java, C/C++ or C# open source project for free.


    Cost / License

    • Freemium (Pay once)
    • Proprietary

    Platforms

    • Mac
    • Windows
    • Linux
    • Online
    • BSD
     
  6. Flawfinder (3 likes)

    Flawfinder examines C/C++ source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

    Cost / License

    Platforms

    • Windows
    • Linux
     
  7. SQuORE (2 likes)

    SQuORE is a business intelligence and static code analysis tool for software projects. It gathers information from different artefact types (e.g. source code, test results, bug tracking system) and tools (reads outputs of Checkstyle, PMD, FindBugs, Polyspace, Coverity or...

    Cost / License

    • Paid
    • Proprietary

    Platforms

    • Windows
    • Linux
     
    • SQuORE is the most popular commercial alternative to Semgrep.

    • SQuORE is Paid and Proprietary; Semgrep is Freemium and Open Source.
  8. Code Climate (5 likes)

    Code Climate’s engineering process insights and automated code review for GitHub and GitHub Enterprise help you ship better software, faster.

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Platforms

    • Online
     
  9. ProjectCodeMeter is a professional software tool for project managers to measure and estimate the Time, Cost, Complexity, Quality Metrics and Maintainability of software projects, as well as Development Team Productivity, by analyzing their source code.

    Cost / License

    • Pay once
    • Proprietary

    Platforms

    • Windows
     
  10. SensioLabsInsight is a quality assurance tool that analyzes your source code to find problems that degrade the overall quality of your projects. It can analyze any application developed with PHP, but it's specially designed to perform advanced analysis of Symfony2...

    Cost / License

    • Freemium
    • Proprietary

    Platforms

    • Online
     
  11. Landscape is an early warning system for the Python codebase. It integrates into GitHub, uses the Prospector code analysis tool for Python, and aggregates the analysis results nicely.

    Cost / License

    • Free Personal
    • Proprietary

    Platforms

    • Online
     
  12. PhpMetrics (1 like)

    PhpMetrics provides metrics about PHP projects and classes, with a beautiful and readable HTML report.

    Cost / License

    • Free
    • Open Source (MIT)

    Platforms

    • Self-Hosted
     
12 of 26 Semgrep alternatives