An extensible developer-friendly application security platform that scans source code to surface true and actionable security issues with AI-assisted
Mentions (30d): 0
Reviews: 0
Platforms: 2
GitHub Stars: 14,617 (900 forks)
Industry: information technology & services
Employees: 260
Funding Stage: Series D
Total Funding: $193.0M
GitHub followers: 395
GitHub repos: 140
GitHub stars: 14,617
npm packages: 20
HuggingFace models: 2
Pricing found: $0/month, $30/month
I built a security scanner that runs inside Claude Code — 5,000+ rules, one command
I got tired of switching between my editor and separate security tools, so I built Shieldbot — an open-source security scanner that runs directly inside Claude Code as a plugin.

You install it with:

    /plugin marketplace add BalaSriharsha/shieldbot
    /plugin install shieldbot
    /shieldbot .

It runs 6 scanners in parallel:

    Semgrep (5,000+ community rules — OWASP Top 10, CWE Top 25, injection, XSS, SSRF)
    Bandit (Python security)
    Ruff (Python quality/security)
    detect-secrets (API keys, tokens, passwords in source code)
    pip-audit (Python dependency CVEs)
    npm audit (Node.js CVEs)

Findings get deduplicated across scanners (same bug reported by Semgrep and Bandit shows up once, not twice), then Claude synthesizes everything into a prioritized report — risk score, executive summary, specific code fixes, and which findings are likely false positives.

The first thing I did was run it on itself. It caught a Jinja2 XSS vulnerability in the HTML reporter that I'd missed. One real finding, zero false positives on secrets.

You can also just talk to it naturally — "scan this repo for security issues" or "check my dependencies for CVEs" — and the agent kicks in.

It also works as a GitHub Action if you want it in CI:

    - uses: BalaSriharsha/shieldbot@main

Findings show up in GitHub's Security tab via SARIF.

Everything runs locally. No code leaves your machine. The MCP server just pipes scanner results to Claude Code over stdio.

GitHub: https://github.com/BalaSriharsha/shieldbot

MIT licensed. Would appreciate feedback — especially on what scanners or report features you'd want added.

submitted by /u/ILoveCrispyNoodles
I built Shield — an open-source security plugin for Claude Code that found 103 secrets and 36 vulnerabilities in my own project
Shield is a plugin that orchestrates security tools from a single /shield:shield command inside Claude Code. It auto-detects your stack, runs whichever tools are installed (Semgrep SAST, gitleaks secrets scanning, npm/pip/composer audit, Shannon pentester), consolidates everything into a unified report with a 0-100 risk score, and proposes code fixes with diffs.

I tested it on my own Next.js monorepo:

    36 dependency vulnerabilities (1 CRITICAL, 26 HIGH)
    103 secrets in git history (AWS keys, Stripe tokens, OpenAI API keys)
    77 SAST findings (XSS, hardcoded credentials, missing SRI)
    A .env with production credentials tracked in git that I didn't know about

After fixing 3 direct dependencies and removing the exposed .env, the project went from 36 vulns to 0.

Features:

    6 modes: full, quick, fix, verify, score, outdated
    34 custom Semgrep rules (JS/TS, Python, PHP)
    Dependency freshness check with SECURITY/MAJOR/MINOR/PATCH classification
    OWASP Top 10 / CWE / SOC 2 / PCI-DSS / HIPAA compliance mapping
    SARIF output for GitHub Security tab
    Security score badge for your README
    Graceful degradation — runs whatever you have installed
    189 unit tests, MIT licensed

Install:

    git clone https://github.com/alissonlinneker/shield-claude-skill.git
    cd shield-claude-skill && ./install.sh
    # Inside Claude Code:
    /plugin marketplace add /path/to/shield-claude-skill
    /plugin install shield@shield-security

GitHub: https://github.com/alissonlinneker/shield-claude-skill

Feedback and contributions welcome. Roadmap is organized as GitHub issues.

submitted by /u/alissonlinneker
Yes, Semgrep offers a free tier. Pricing found: $0/month, $30/month
Key features include:

    CLI, CI/CD, and IDEs (VS Code, JetBrains)
    PR checks in GitHub, GitLab, Bitbucket, Azure
    Jira and ticketing workflow routing
    APIs and webhooks
    MCP integrations for AI tools like Cursor and Replit
    Cloud context via partners including Palo Alto Networks, Sysdig, StackHawk
    Clear, actionable findings
    Fix issues in PRs, CI, IDEs, or AI tools
Semgrep is commonly used for:

    Code security that unifies teams, accelerates delivery, and reduces real risk
    For Developers: clear, actionable findings; fix issues in PRs, CI, IDEs, or AI tools; ship faster with confidence
Semgrep has a public GitHub repository with 14,617 stars.