Top 12 Open-Source Alternatives to Semgrep

Product categories

APIs Chrome Extensions Clean Code Code Analysis Code Coverage Code Quality Code Review Developer Tools Open Source Security Security & Privacy Security CI

Summary

The top open-source alternatives to Semgrep are SonarQube, Snyk, and Cppcheck. One of the criteria for ordering this list is the number of mentions that products have on reliable external sources. You can suggest additional sources through the form here.

SonarQube Landing Page
1

SonarQube

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.
Pricing:
- Open Source
- Freemium
- Free Trial
- $150.0 / Annually
#Code Analysis #Code Review #Code Coverage 1 social mentions
Snyk Landing Page
2

Snyk

Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.
Pricing:
- Open Source
#Security #Security Monitoring #Security CI 85 social mentions
Cppcheck Landing Page
3

Cppcheck

Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives. CppCheckDownload cppcheck for free.
Pricing:
- Open Source
#Code Analysis #Code Coverage #Development 10 social mentions
Shellcheck Landing Page
4

S

Shellcheck

ShellCheck finds bugs in your shell scripts
Pricing:
- Open Source
#Code Analysis #Code Coverage #Code Quality 29 social mentions
Bearer Landing Page
5

Bearer

Bearer is an open source, fast and accurate static application security testing (SAST) tool that analyze your source code to discover, filter and prioritize security and privacy risks.
Pricing:
- Open Source
- Freemium
- Free Trial
#Code Analysis #Security & Privacy #Security
CodeClimate Landing Page
6

CodeClimate

Code Climate provides automated code review for your apps, letting you fix quality and security issues before they hit production. We check every commit, branch and pull request for changes in quality and potential vulnerabilities.
Pricing:
- Open Source
#Code Coverage #Code Quality #Code Analysis 11 social mentions
GitGuardian Landing Page
7

GitGuardian

Detect secrets in source code, public and private!
Pricing:
- Open Source
#Security & Privacy #Chrome Extensions #Security 2 social mentions
Brakeman Landing Page
8

Brakeman

Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.
Pricing:
- Open Source
#Code Analysis #Code Coverage #Code Review 7 social mentions
SonarCloud Landing Page
9

SonarCloud

Enhance your workflow with continuous code quality, SonarCloud automatically analyzes and decorates pull requests on GitHub, Bitbucket, Azure DevOps and GitLab on major languages.
Pricing:
- Open Source
- Freemium
- Free Trial
- €10.0 / Monthly (100,000 Lines of Code)
#Developer Tools #DevOps Tools #SAST 12 social mentions
OWASP Dependency-Track Landing Page
10

OWASP Dependency-Track

OWASP Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows...
Pricing:
- Open Source
#Security #Code Analysis #Security & Privacy 19 social mentions
ESLint Landing Page
11

ESLint

The fully pluggable JavaScript code quality tool
Pricing:
- Open Source
#Code Coverage #Developer Tools #Code Quality 229 social mentions
betterscan.io
12

Betterscan.io

Cloud-Native Cybersecurity Software that secures both Cloud and Code
Pricing:
- Open Source
#Cyber Security #IT And Cybersecurity #Developer Tools