Semgrep, which stands for “semantic grep,” is a fast, lightweight, polyglot, open source static analysis tool to find bugs and enforce code standards. It is used internally by many companies including Dropbox and Snowflake. Semgrep is also now used as the default Static Application Security Testing (SAST) tool in Gitlab for Python, Javascript, and Typescript.

As opposed to most static analysis tools, Semgrep makes it easy to define your own rule by providing a Domain Specific Language (DSL) to write code patterns that looks like regular code. You can easily learn and experiment with Semgrep by using a web-based editor called the Playground.