Reaction to Semgrep: Opengrep secures open code analysis tools

A consortium of over ten application security organizations has created Opengrep as a fork of Semgrep CE (Community Edition, formerly Semgrep OSS) to provide an open and accessible platform for static code analysis that is available to developers worldwide without commercial restrictions.

License changes as a trigger

Opengrep was created in response to license changes to Semgrep, a static code analysis tool that was originally developed as an open-source project to help developers identify security vulnerabilities and other problems in source code. In December 2024, the operators decided to move critical functions of their open-source engine behind a commercial license.

This change has apparently caused concern in the open-source community, as it restricts the accessibility and further development of static code analysis tools. To counteract this development and continue the mission of open software development, several organizations have joined forces to create Opengrep.

Impact on developers

For developers, Opengrep means that they will continue to have access to an open platform for static code analysis. According to the announcement, they can benefit from features that are only available in the commercial version of Semgrep. The operators guarantee that future improvements and functionalities will not be placed behind commercial licenses.

In addition, Opengrep offers the opportunity to actively contribute to further development and to participate in a community that is committed to open software development.

Read also

PHPStan 2.0: Stricter type checks and new analysis level

In addition to GitHub, the article on opengrep.dev provides further information.

(mdo)