AI Tool
Semgrep pricing, features, company info, and alternatives
A factual product page for Semgrep as an application security platform.
Last updated April 2026 · Pricing and features verified against official documentation
Pricing
Current public pricing tiers on file for Semgrep, last verified Apr 26, 2026.
Free Edition
$0 / month/contributor
Includes Code and Supply Chain, with up to 50 repositories and a maximum of 10 contributors.
Teams - Code / Supply Chain
$30 / month/contributor
Code (SAST) and Supply Chain (SCA) plans start at $30 per contributor per month.
Teams - Secrets
$15 / month/contributor
Secrets detection starts at $15 per contributor per month.
Enterprise
Custom
Sales-led plan with dedicated support, custom CI/CD integrations, optional dedicated infrastructure, and no repository or contributor limits.
What You Can Do With It
The main capabilities that shape how people use Semgrep today.
Unifies SAST, SCA, and secrets scanning in one AppSec platform.
Runs through the CLI, web app, IDE plugins, and CI/CD workflows with GitHub and GitLab support.
Adds cross-file analysis, taint tracking, triage, and remediation in the platform.
Exposes an API for deployments, projects, and findings on Team and Enterprise tiers.
Best For
Who Semgrep is most clearly built for.
Security teams that want one platform for code, dependency, and secret scanning.
Engineering orgs that need PR and merge-request checks plus IDE and CI/CD scanning.
Teams that want paid API access and managed triage workflows.
Company
Leadership and company context for Semgrep, Inc.
Founders
Drew Dennison, Isaac Evans, Luke O'Malley
Platforms
Where you can use Semgrep today.
Web
CLI
VS Code
JetBrains IDEs
Integrations
Notable connected tools and ecosystem hooks for Semgrep.
GitHub
GitLab
Jira
Slack
MCP
Privacy Notes
Publicly stated data-handling notes that matter when evaluating Semgrep.
Semgrep says local or fully CI-based scans keep source code in your computer or CI environment, with only metadata sent to Semgrep's service.
The privacy notice covers semgrep.dev and related services and says Semgrep collects submitted, device, and usage data.
Semgrep Assistant privacy docs say AI-powered detection can send part of a file with a finding to model providers.
Compliance
Public compliance or enterprise-governance signals we found for Semgrep.
SOC 2 Type II
GDPR
Access
How to integrate or build around Semgrep.
Public API
Yes
Docs
Available
Alternatives
Other tools worth considering alongside Semgrep.
AI code review and security platform for pull requests, IDEs, CLI, and pentesting workflows.
AI code review platform with IDE, CLI, PR, and context-engine workflows.
AI code review and planning platform for pull requests, IDEs, and CLI workflows.
AI coding assistant centered on JetBrains IDEs with autocomplete, agent, and code review features.
Product Snapshot
Semgrep is a software security platform for static application security testing, software composition analysis, and secrets detection. It can run locally, in CI/CD, and in the Semgrep AppSec Platform.
What You Can Do With It
- Scan first-party code, dependencies, and secrets with Semgrep Code, Semgrep Supply Chain, and Semgrep Secrets.
- Run scans through the CLI, IDE plugins, PR and merge-request checks, and CI/CD workflows.
- Triage findings, add notes, and use remediation workflows in the Semgrep AppSec Platform.
- Use the public API on Team and Enterprise tiers to list deployments, projects, and findings.
Why It Stands Out
It combines code scanning, dependency analysis, secrets detection, hosted triage workflows, and policy-driven developer integrations in one AppSec product.
Tradeoffs To Know
- The pricing model is split across Code, Supply Chain, and Secrets instead of one flat platform fee.
- Source code from local or fully CI-based scans can stay in your environment, but Semgrep says AI-powered detections may send part of a flagged file to model providers.
- The public API is limited to paid Team and Enterprise tiers.