semgrep
Tags: Official, Agent-ready, Infra, Security
Static analysis, security scanning, and code rules from the terminal.
The official CLI from Semgrep. Static analysis, security scanning, and code rules from the terminal. Supports structured output — good for scripts and agents.
Task fit
Static analysis, security scanning, and code rules from the terminal.
Lane
Work with Kubernetes, Terraform, containers, and ops tooling with more confidence.
Operator brief
Use semgrep for static analysis, security scanning, and code rules from the terminal.
Run `semgrep scan --config auto` and see what comes back.
Repository family
Semgrep
First trust check
semgrep responds locally and is ready for the first real command.
Safe first loop
Install, verify, then run one real command.
Infra inspection loop
Install command
$ brew install semgrep
Operator pack
Copy or export the working notes for this CLI before handing it to an agent.
Verify
$ semgrep --version
semgrep responds locally and is ready for the first real command.
First real command
$ semgrep scan --config auto
First steps
- 01 Install semgrep.
- 02 Run `semgrep --version` first.
- 03 Start with `semgrep scan --config auto`.
- 04 Install the infra CLI and verify kubeconfig, Docker context, or cloud credentials.
When to use / hold off when
Best for
Static analysis, security scanning, and code rules from the terminal.
Use this when
You want security scanning you can script with structured output.
Hold off when
Trust and constraints
Why operators pick it
- semgrep fits infra well, especially for static analysis, security scanning, and code rules from the terminal.
- It is the official CLI from Semgrep.
- Good for scripts and agents.
Constraints
- Run the verify command first.
Repository context
Other CLIs in this family
This is the only CLI surfaced from this family right now.