# Opengrep: Static Code Analysis for Security Vulnerabilities

This repository profile is provided by osrepos.com, an open source repository discovery platform.

Opengrep is an open-source static code analysis engine, forked from Semgrep, designed to identify security issues in code rapidly. It offers powerful semantic grep capabilities across over 30 programming languages, making secure software development more accessible and vendor-neutral. Driven by a collective of AppSec organizations, Opengrep is committed to advancing SAST and keeping it open for the long term.

GitHub: https://github.com/opengrep/opengrep
OSRepos URL: https://osrepos.com/repo/opengrep-opengrep

## Topics

- OCaml
- Static Analysis
- Code Security
- SAST
- Security Tools
- Open Source
- Developer Tools
- Semgrep Fork

## Repository Information

Last analyzed by OSRepos: Mon Nov 03 2025 08:01:51 GMT+0000 (Western European Standard Time)

## Content

## Introduction

Opengrep is an ultra-fast static code analysis engine designed to help developers and organizations find and fix security issues in their code efficiently. As a fork of Semgrep, licensed under LGPL 2.1, Opengrep aims to make secure software development a shared standard by providing open and advanced static analysis capabilities.

Initiated by a collective of AppSec organizations, Opengrep is committed to making SAST (Static Application Security Testing) widely accessible, advancing its engine with impactful new features, and ensuring it remains open and vendor-neutral for the long term. It supports over 30 programming languages, offering powerful semantic grep for intuitive pattern matching and customizable rules.

## Installation

Opengrep provides a straightforward installation process. The recommended method is using the official install script:

```bash
curl -fsSL https://raw.githubusercontent.com/opengrep/opengrep/main/install.sh | bash
```

If you have cloned the repository, you can run the `install.sh` script from the root directory:

```bash
./install.sh
```

Alternatively, binaries are available for manual installation on the [Opengrep release page](https://github.com/opengrep/opengrep/releases).

## Examples

Getting started with Opengrep involves defining rules and scanning your code. Here's a quick example demonstrating how to detect an `unwrap()` call in Rust, which panics if the value is an `Err` or `None` and is therefore a potential panic risk.

First, create a rule file named `rules/demo-rust-unwrap.yaml`:

```yaml
rules:
- id: unwrapped-result
  pattern: $VAR.unwrap()
  message: "Unwrap detected - potential panic risk"
  languages: [rust]
  severity: WARNING
```

Next, create a Rust code file named `code/rust/main.rs` that contains the risky unwrap:

```rust
fn divide(a: i32, b: i32) -> Result<i32, String> {
    if b == 0 {
        return Err("Division by zero".to_string());
    }
    Ok(a / b)
}

fn main() {
    let result = divide(10, 0).unwrap(); // Risky unwrap!
    println!("Result: {}", result);
}
```

Ensure your directory structure looks like this:

```shell
.
├── code
│   └── rust
│       └── main.rs
└── rules
    └── demo-rust-unwrap.yaml
```

Now, run Opengrep to scan your code:

```bash
$ opengrep scan -f rules code/rust

┌──────────────┐
│ Opengrep CLI │
└──────────────┘


Scanning 1 file (only git-tracked) with 1 Code rule:

  CODE RULES
  Scanning 1 file.

  PROGRESS

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00


┌────────────────┐
│ 1 Code Finding │
└────────────────┘

    code/rust/main.rs
    ❯❱ rules.unwrapped-result
          Unwrap detected - potential panic risk

            9┆ let result = divide(10, 0).unwrap(); // Risky unwrap!



┌──────────────┐
│ Scan Summary │
└──────────────┘

Ran 1 rule on 1 file: 1 finding.
```

Opengrep successfully identified the potential issue. You can also obtain SARIF output for integration with other tools:

```bash
$ opengrep scan --sarif-output=sarif.json -f rules code
  ...
$ cat sarif.json | jq
{
  "version": "2.1.0",
  "runs": [
    {
      "invocations": [
        {
          "executionSuccessful": true,
          "toolExecutionNotifications": []
        }
      ],
      "results": [
        {
          "fingerprints": {
            "matchBasedId/v1": "a0ff5ed82149206a74ee7146b075c8cb9e79c4baf86ff4f8f1c21abea6ced504e3d33bb15a7e7dfa979230256603a379edee524cf6a5fd000bc0ab29043721d8_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "code/rust/main.rs",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 40,
                  "endLine": 9,
                  "snippet": {
                    "text": "    let result = divide(10, 0).unwrap(); // Risky unwrap!"
                  },
                  "startColumn": 18,
                  "startLine": 9
                }
              }
            }
          ],
          "message": {
            "text": "Unwrap detected - potential panic risk"
          },
          "properties": {},
          "ruleId": "rules.unwrapped-result"
        }
      ],
      "tool": {
        "driver": {
          "name": "Opengrep OSS",
          "rules": [
            {
              "defaultConfiguration": {
                "level": "warning"
              },
              "fullDescription": {
                "text": "Unwrap detected - potential panic risk"
              },
              "help": {
                "markdown": "Unwrap detected - potential panic risk",
                "text": "Unwrap detected - potential panic risk"
              },
              "id": "rules.unwrapped-result",
              "name": "rules.unwrapped-result",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Opengrep Finding: rules.unwrapped-result"
              }
            }
          ],
          "semanticVersion": "1.100.0"
        }
      }
    }
  ],
  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json"
}
```

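The SARIF document above is what a CI pipeline would consume. The following is an added example (not part of the Opengrep project) that reads that output, joins each result to its rule's configured level from `tool.driver.rules`, and decides whether the build should fail; the embedded SARIF is a constructed subset of the document shown above, and the `fail_on` threshold is an assumption of this example.

```python
"""Parse Opengrep SARIF output and apply a severity gate (added example)."""
import json

# Constructed sample: a trimmed copy of the SARIF document produced above.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "results": [{
            "ruleId": "rules.unwrapped-result",
            "message": {"text": "Unwrap detected - potential panic risk"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "code/rust/main.rs"},
                "region": {"startLine": 9, "startColumn": 18}}}],
        }],
        "tool": {"driver": {"rules": [{
            "id": "rules.unwrapped-result",
            "defaultConfiguration": {"level": "warning"},
        }]}},
    }],
})

# SARIF result levels, ordered so a threshold comparison is possible.
LEVEL_RANK = {"note": 0, "warning": 1, "error": 2}


def load_findings(sarif_text):
    """Return (rule_id, level, uri, start_line, message) tuples from a SARIF log."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        # Rule id -> level from the driver's rule descriptors; SARIF defaults to "warning".
        levels = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                  for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            loc = res.get("locations", [{}])[0].get("physicalLocation", {})
            findings.append((
                res["ruleId"],
                # A per-result "level" overrides the rule default when present.
                res.get("level", levels.get(res["ruleId"], "warning")),
                loc.get("artifactLocation", {}).get("uri", "?"),
                loc.get("region", {}).get("startLine", 0),
                res.get("message", {}).get("text", ""),
            ))
    return findings


def gate(findings, fail_on="warning"):
    """True if any finding is at or above the fail_on level (assumed CI policy)."""
    threshold = LEVEL_RANK[fail_on]
    return any(LEVEL_RANK.get(level, 1) >= threshold for _, level, *_ in findings)


if __name__ == "__main__":
    found = load_findings(SAMPLE_SARIF)
    for rule, level, uri, line, msg in found:
        print(f"{level.upper():7} {uri}:{line} {rule}: {msg}")
    raise SystemExit(1 if gate(found) else 0)
```

Replace `SAMPLE_SARIF` with the contents of `sarif.json` to run it against a real scan; the exit status is what a CI step would check.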
## Why Use Opengrep?

Opengrep stands out as a powerful tool for several reasons:

*   **Open and Vendor-Neutral**: It is an open-source project driven by a community of AppSec organizations, ensuring its long-term accessibility and neutrality.
*   **Fast and Powerful Analysis**: Leveraging semantic grep, it provides ultra-fast scanning of large codebases with intuitive pattern matching.
*   **Comprehensive Language Support**: With support for over 30 languages, Opengrep can be integrated into diverse development environments.
*   **Focus on Security**: It is specifically designed to find and help fix security vulnerabilities, enabling developers to ship more secure code.
*   **Customizable Rules**: Users can define their own rules to tailor the analysis to specific project needs and security policies.

## Links

*   **GitHub Repository**: [https://github.com/opengrep/opengrep](https://github.com/opengrep/opengrep)
*   **Opengrep Manifesto**: [https://opengrep.dev/](https://opengrep.dev/)
*   **Contributing Guide**: [https://github.com/opengrep/opengrep/blob/main/CONTRIBUTING.md](https://github.com/opengrep/opengrep/blob/main/CONTRIBUTING.md)
*   **License (LGPL-2.1)**: [https://github.com/opengrep/opengrep/blob/main/LICENSE](https://github.com/opengrep/opengrep/blob/main/LICENSE)