⚙️ Engineering Awaiting Security Review

Semgrep Static Analysis

Run lightweight static analysis on your code using Semgrep. Supports 30+ languages with customizable rules for security vulnerabilities, bug patterns, and code style enforcement.

Semgrep provides fast, pattern-based static analysis that finds bugs and security issues without compilation. This skill helps you write custom rules, run targeted scans, triage results, and integrate findings into your review workflow.

security sast static-analysis vulnerabilities linting

When to use

Use for security-focused code reviews, enforcing coding standards across a monorepo, or catching common vulnerability patterns like SQL injection, XSS, and insecure deserialization.

Examples

Security scan for OWASP Top 10

Check your code against common vulnerability patterns

Run a Semgrep security scan focused on OWASP Top 10 vulnerabilities in this project

Custom rule creation

Write a Semgrep rule for your team's coding standards

Create a Semgrep rule that catches any direct database queries not using parameterized statements
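As an added illustration of what that second example produces (this rule is written here for this page and is not part of the skill or of Semgrep's own rule registry), the following rule flags Python database calls whose SQL text is assembled with `%`, `.format()`, an f-string or string concatenation, while leaving a constant query with a separate parameter tuple alone. The rule id, message and CWE metadata are assumptions chosen for the example; the `$CURSOR` and `$QUERY` metavariables are ordinary Semgrep placeholders:

```yaml
# sql-query-not-parameterized.yaml (constructed example rule)
rules:
  - id: sql-query-not-parameterized
    languages: [python]
    severity: ERROR
    message: >-
      SQL query text is built at runtime from string operations; pass values
      as a separate parameter argument, e.g. cursor.execute(sql, (value,)),
      so the database driver quotes them.
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
      confidence: MEDIUM
    patterns:
      # Any method named execute/executemany on any receiver ($CURSOR),
      # whose first argument is the result of a string-building operation.
      - pattern-either:
          - pattern: $CURSOR.execute($QUERY % $ARGS, ...)
          - pattern: $CURSOR.execute($QUERY.format(...), ...)
          - pattern: $CURSOR.execute(f"...", ...)
          - pattern: $CURSOR.execute($LEFT + $RIGHT, ...)
          - pattern: $CURSOR.executemany($QUERY % $ARGS, ...)
          - pattern: $CURSOR.executemany($QUERY.format(...), ...)
          - pattern: $CURSOR.executemany(f"...", ...)
          - pattern: $CURSOR.executemany($LEFT + $RIGHT, ...)
      # A constant query with a parameter tuple is the desired form; never report it.
      - pattern-not: $CURSOR.execute("...", ...)
      - pattern-not: $CURSOR.executemany("...", ...)
```

Run it with `semgrep --config sql-query-not-parameterized.yaml .`. Semgrep's built-in rule tester (`semgrep --config sql-query-not-parameterized.yaml --test`) checks the rule against a sibling Python file in which lines that should fire carry a `# ruleid: sql-query-not-parameterized` comment and lines that must stay quiet carry `# ok: sql-query-not-parameterized`; keeping such a file next to the rule is how a team prevents a later edit from silently widening or narrowing the match. For the first example on this page, the registry pack `p/owasp-top-ten` (`semgrep --config p/owasp-top-ten .`) covers the OWASP categories without writing rules by hand, and a custom rule like the one above can be run alongside it.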