semgrep

Community

Fast, rules-based security scanning for code.

Author: roderik
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Semgrep provides fast, accessible static analysis to identify security vulnerabilities and coding issues directly in codebases, reducing manual review time.

Core Features & Use Cases

  • Quick Scan: Auto-detects or uses curated rule sets to find common vulnerability patterns.
  • Rulesets & Custom Rules: Write YAML-based rules to enforce standards and catch bugs specific to your codebase.
  • CI/CD Integration: Run semantic analysis in pipelines using SARIF/JSON outputs for automated checks.
  • Data-Flow (Taint) Analysis: Track data flow to identify potential insecure usage and injection points.
  • Use Case: Imagine scanning a Python project to locate hard-coded secrets and risky API usages.

Quick Start

Install Semgrep via pip, Homebrew, or Docker, then run a first scan with automatic configuration on your codebase. For example, from the project root: semgrep --config auto . (the trailing dot is the path to scan, here the current directory).

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: semgrep
Download link: https://github.com/roderik/mpe/archive/main.zip#semgrep

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.