{"name":"Opengrep: Static Code Analysis for Security Vulnerabilities","description":"Opengrep is an open-source static code analysis engine, forked from Semgrep, designed to identify security issues in code rapidly. It offers powerful semantic grep capabilities across over 30 programming languages, making secure software development more accessible and vendor-neutral. Driven by a collective of AppSec organizations, Opengrep is committed to advancing SAST and keeping it open for the long term.","github":"https://github.com/opengrep/opengrep","url":"https://osrepos.com/repo/opengrep-opengrep","source":"osrepos.com","sourceDescription":"This repository profile is provided by osrepos.com, an open source repository discovery platform.","repositoryProfile":"https://osrepos.com/repo/opengrep-opengrep","generatedFor":"open source discovery and AI-assisted research","markdown":"https://osrepos.com/repo/opengrep-opengrep.md","json":"https://osrepos.com/repo/opengrep-opengrep.json","topics":["OCaml","Static Analysis","Code Security","SAST","Security Tools","Open Source","Developer Tools","Semgrep Fork"],"keywords":["OCaml","Static Analysis","Code Security","SAST","Security Tools","Open Source","Developer Tools","Semgrep Fork"],"stars":null,"summary":"Opengrep is an open-source static code analysis engine, forked from Semgrep, designed to identify security issues in code rapidly. It offers powerful semantic grep capabilities across over 30 programming languages, making secure software development more accessible and vendor-neutral. Driven by a collective of AppSec organizations, Opengrep is committed to advancing SAST and keeping it open for the long term.","content":"## Introduction\n\nOpengrep is an ultra-fast static code analysis engine designed to help developers and organizations find and fix security issues in their code efficiently. 
As a fork of Semgrep, licensed under LGPL 2.1, Opengrep aims to make secure software development a shared standard by providing open and advanced static analysis capabilities.\n\nInitiated by a collective of AppSec organizations, Opengrep is committed to making SAST (Static Application Security Testing) widely accessible, advancing its engine with impactful new features, and ensuring it remains open and vendor-neutral for the long term. It supports over 30 programming languages and offers semantic grep: patterns are matched against the parsed syntax tree rather than the raw text, so a rule written as source code (for example `$VAR.unwrap()`) matches regardless of formatting and of which expression stands in for the metavariable `$VAR`.\n\n## Installation\n\nOpengrep can be installed in three ways. The recommended method is the official install script:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/opengrep/opengrep/main/install.sh | bash\n```\n\nPiping a remote script straight into `bash` executes whatever the server returns, with your privileges and without review. On anything other than a throwaway machine, download the script first and read it before running it, or install a pinned binary from the release page instead.\n\nIf you have cloned the repository, you can run the `install.sh` script from the root directory:\n\n```bash\n./install.sh\n```\n\nAlternatively, binaries are available for manual installation on the [Opengrep release page](https://github.com/opengrep/opengrep/releases).\n\n## Examples\n\nGetting started with Opengrep involves defining rules and scanning your code. The quick example below detects calls to `unwrap()` in Rust. `unwrap()` panics when the value is `Err` or `None`, and in a long-running service an attacker-reachable panic is a denial-of-service bug, so unguarded unwraps are a reasonable first thing to flag.\n\nFirst, create a rule file named `rules/demo-rust-unwrap.yaml`:\n\n```yaml\nrules:\n- id: unwrapped-result\n  pattern: $VAR.unwrap()\n  message: \"Unwrap detected - potential panic risk\"\n  languages: [rust]\n  severity: WARNING\n```\n\n`$VAR` is a metavariable and binds any expression, so the pattern matches `x.unwrap()` and `divide(10, 0).unwrap()` alike; `languages` restricts the rule to Rust files and `severity` is carried through to the output (it becomes the SARIF `level`). Expect some noise from a rule this broad (unwraps that cannot fail, test code); Semgrep-compatible rule keys such as `pattern-not-inside` and `paths.exclude` are the usual way to narrow it.\n\nNext, create a Rust code file named `code/rust/main.rs` that contains the risky unwrap:\n\n```rust\nfn divide(a: i32, b: i32) -> Result<i32, String> {\n    if b == 0 {\n        return Err(\"Division by zero\".to_string());\n    }\n    Ok(a / b)\n}\n\nfn main() {\n    let result = divide(10, 0).unwrap(); // Risky unwrap!\n    println!(\"Result: {}\", result);\n}\n```\n\nEnsure your directory structure looks like this:\n\n```shell\n.\n├── code\n│   └── rust\n│       └── main.rs\n└── rules\n    └── demo-rust-unwrap.yaml\n```\n\nNow, run Opengrep to scan your code:\n\n```bash\n❯ opengrep scan -f rules code/rust\n\n┌──────────────┐\n│ Opengrep CLI │\n└──────────────┘\n\n\nScanning 1 file (only git-tracked) with 1 Code rule:\n\n  CODE RULES\n  Scanning 1 file.\n\n  PROGRESS\n\n  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00\n\n\n┌────────────────┐\n│ 1 Code Finding │\n└────────────────┘\n\n    code/rust/main.rs\n    ❯❯ rules.unwrapped-result\n          Unwrap detected - potential panic risk\n\n            9┆ let result = divide(10, 0).unwrap(); // Risky unwrap!\n\n\n\n┌──────────────┐\n│ Scan Summary │\n└──────────────┘\n\nRan 1 rule on 1 file: 1 finding.\n```\n\nOpengrep identified the risky call. Two details of this output matter once the scan is automated. The \"Scanning 1 file (only git-tracked)\" line tells you how many files were actually selected; if the count is lower than expected, files are being skipped by the git-aware target selection (for example via `.gitignore`). The finding is reported under `rules.unwrapped-result`, i.e. the rule's `id` prefixed with the path the rules were loaded from, so suppressions, dashboards and CI gates must key on this prefixed ID rather than on the bare `unwrapped-result`.\n\nYou can also obtain SARIF output for integration with other tools:\n\n```bash\n❯ opengrep scan --sarif-output=sarif.json -f rules code\n  ...\n❯ cat sarif.json | jq\n{\n  \"version\": \"2.1.0\",\n  \"runs\": [\n    {\n      \"invocations\": [\n        {\n          \"executionSuccessful\": true,\n          \"toolExecutionNotifications\": []\n        }\n      ],\n      \"results\": [\n        {\n          \"fingerprints\": {\n            \"matchBasedId/v1\": \"a0ff5ed82149206a74ee7146b075c8cb9e79c4baf86ff4f8f1c21abea6ced504e3d33bb15a7e7dfa979230256603a379edee524cf6a5fd000bc0ab29043721d8_0\"\n          },\n          \"locations\": [\n            {\n              \"physicalLocation\": {\n                \"artifactLocation\": {\n                  \"uri\": \"code/rust/main.rs\",\n                  \"uriBaseId\": \"%SRCROOT%\"\n                },\n                \"region\": {\n                  \"endColumn\": 40,\n                  \"endLine\": 9,\n                  \"snippet\": {\n                    \"text\": \"    let result = divide(10, 0).unwrap(); // Risky unwrap!\"\n                  },\n                  \"startColumn\": 18,\n                  \"startLine\": 9\n                }\n              }\n            }\n          ],\n          \"message\": {\n            \"text\": \"Unwrap detected - potential panic risk\"\n          },\n          \"properties\": {},\n          \"ruleId\": \"rules.unwrapped-result\"\n        }\n      ],\n      \"tool\": {\n        \"driver\": {\n          \"name\": \"Opengrep OSS\",\n          \"rules\": [\n            {\n              \"defaultConfiguration\": {\n                \"level\": \"warning\"\n              },\n              \"fullDescription\": {\n                \"text\": \"Unwrap detected - potential panic risk\"\n              },\n              \"help\": {\n                \"markdown\": \"Unwrap detected - potential panic risk\",\n                \"text\": \"Unwrap detected - potential panic risk\"\n              },\n              \"id\": \"rules.unwrapped-result\",\n              \"name\": \"rules.unwrapped-result\",\n              \"properties\": {\n                \"precision\": \"very-high\",\n                \"tags\": []\n              },\n              \"shortDescription\": {\n                \"text\": \"Opengrep Finding: rules.unwrapped-result\"\n              }\n            }\n          ],\n          \"semanticVersion\": \"1.100.0\"\n        }\n      }\n    }\n  ],\n  \"$schema\": \"https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json\"\n}\n```\n\nSARIF 2.1.0 is the format that code-scanning dashboards and CI systems ingest. Two fields are worth knowing. Each result carries a `fingerprints.matchBasedId/v1` value, an identifier intended to name the same match across runs, which is what lets a downstream consumer baseline known findings instead of re-reporting them. The rule's severity is not on the result itself but under `tool.driver.rules[].defaultConfiguration.level` (`WARNING` becomes `warning`), so a gate that fails on severity has to join results to the rule table by `ruleId`.\n\n## Why Use Opengrep?\n\nOpengrep stands out as a powerful tool for several reasons:\n*   **Open and Vendor-Neutral**: It is an open-source project driven by a community of AppSec organizations, ensuring its long-term accessibility and neutrality.\n*   **Fast and Powerful Analysis**: Leveraging semantic grep, it provides ultra-fast scanning of large codebases with intuitive pattern matching.\n*   **Comprehensive Language Support**: With support for over 30 languages, Opengrep can be integrated into diverse development environments.\n*   **Focus on Security**: It is specifically designed to find and help fix security vulnerabilities, enabling developers to ship more secure code.\n*   **Customizable Rules**: Users can define their own rules to tailor the analysis to specific project needs and security policies.\n\n## Links\n\n*   **GitHub Repository**: [https://github.com/opengrep/opengrep](https://github.com/opengrep/opengrep)\n*   **Opengrep Manifesto**: [https://opengrep.dev/](https://opengrep.dev/)\n*   **Contributing Guide**: [https://github.com/opengrep/opengrep/blob/main/CONTRIBUTING.md](https://github.com/opengrep/opengrep/blob/main/CONTRIBUTING.md)\n*   **License (LGPL-2.1)**: [https://github.com/opengrep/opengrep/blob/main/LICENSE](https://github.com/opengrep/opengrep/blob/main/LICENSE)","metrics":{"detailViews":4,"githubClicks":3},"dates":{"published":null,"modified":"2025-11-03T08:01:51.000Z"}}
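The SARIF file shown in the Examples section above is what a CI pipeline consumes. The following is an added example written for this page; it is not Opengrep's own code and is not part of the record above. It is a small Python gate that reads Opengrep SARIF, joins each result to the run's rule table to recover its level, and fails the job on findings at or above a chosen level unless their `matchBasedId/v1` fingerprint is listed in a baseline file. The sample SARIF embedded in the script is constructed to mirror the structure on this page (fingerprints shortened, and a second finding added so that baselining has something to do); the script name `sarif_gate.py`, the one-fingerprint-per-line baseline format, the `FAIL_ON` threshold and the function names `rule_levels`, `findings` and `gate` are all assumptions of this example.

```python
"""CI gate for Opengrep SARIF output (added example, not Opengrep's own code).

Usage:  python sarif_gate.py sarif.json [baseline.txt]
Exits 1 when any finding at or above FAIL_ON is not listed in the baseline.
"""
import json
import sys

LEVEL_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}  # SARIF levels
FAIL_ON = "warning"  # assumption: fail the job on WARNING and above


def rule_levels(run):
    """ruleId -> level, taken from tool.driver.rules[].defaultConfiguration.level
    (Opengrep maps the rule severity WARNING to the SARIF level "warning")."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
            for r in rules}


def findings(sarif):
    """Flatten every result of every run into plain dicts."""
    out = []
    for run in sarif.get("runs", []):
        levels = rule_levels(run)
        for res in run.get("results", []):
            loc = res["locations"][0]["physicalLocation"]
            out.append({
                "rule": res["ruleId"],
                # A result may carry its own level; otherwise use the rule table.
                "level": res.get("level", levels.get(res["ruleId"], "warning")),
                # Stable per-match identifier: the key a baseline is built on.
                "fingerprint": res.get("fingerprints", {}).get("matchBasedId/v1", ""),
                "uri": loc["artifactLocation"]["uri"],
                "line": loc["region"]["startLine"],
                "message": res["message"]["text"],
            })
    return out


def gate(sarif, baseline, fail_on=FAIL_ON):
    """Findings that should fail the build: level >= fail_on and fingerprint not
    accepted. A result with no fingerprint cannot be baselined, so it always fails."""
    threshold = LEVEL_ORDER[fail_on]
    return [f for f in findings(sarif)
            if LEVEL_ORDER.get(f["level"], LEVEL_ORDER["warning"]) >= threshold
            and (not f["fingerprint"] or f["fingerprint"] not in baseline)]


# Constructed sample shaped like the Opengrep SARIF on this page: two matches of
# the same rule (fingerprints shortened), one of which the demo baselines.
def _result(fp, line):
    return {"ruleId": "rules.unwrapped-result",
            "fingerprints": {"matchBasedId/v1": fp},
            "message": {"text": "Unwrap detected - potential panic risk"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "code/rust/main.rs"},
                "region": {"startLine": line, "endLine": line}}}]}


SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "results": [_result("a0ff5ed8_0", 9), _result("a0ff5ed8_1", 14)],
        "tool": {"driver": {"name": "Opengrep OSS", "rules": [
            {"id": "rules.unwrapped-result",
             "defaultConfiguration": {"level": "warning"}}]}},
    }],
}


def main(argv):
    if len(argv) < 2:  # no file given: run against the constructed sample
        sarif, baseline = SAMPLE_SARIF, {"a0ff5ed8_0"}
    else:
        with open(argv[1], encoding="utf-8") as fh:
            sarif = json.load(fh)
        baseline = set()
        if len(argv) > 2:  # baseline file: one accepted fingerprint per line
            with open(argv[2], encoding="utf-8") as fh:
                baseline = {ln.strip() for ln in fh if ln.strip()}
    failing = gate(sarif, baseline)
    for f in failing:
        print(f"{f['uri']}:{f['line']} [{f['level']}] {f['rule']}: {f['message']}")
    print(f"{len(failing)} unbaselined finding(s) at or above {FAIL_ON}")
    return 1 if failing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python sarif_gate.py sarif.json baseline.txt` after `opengrep scan --sarif-output=sarif.json -f rules code`; to accept a finding, append its `matchBasedId/v1` value to the baseline file. Keying the baseline on fingerprints rather than on file and line number means an accepted exception survives unrelated edits that shift the code around, while a genuinely new match (a different fingerprint) still fails the job.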