Announcing Opengrep: Continuing the Open-Source Mission for Static Code Analysis

By Aviram Shmueli

Updated January 23, 2025.

At Jit, we are proud to announce our participation in a consortium of companies that have come together to launch Opengrep, a continuation of Semgrep’s groundbreaking OSS. Opengrep is born out of our shared commitment to keeping static code analysis open, accessible, and community-driven.

Background: Semgrep’s Role in Democratizing SAST

Since its inception, our friends at Semgrep have played a pivotal role in the open-source security community. Their OSS engine, a smart and efficient code scanner, and its OSS rules have been invaluable tools for developers worldwide. Semgrep’s commitment to providing developers with an open and shareable way to secure their applications has been truly remarkable. Millions of users and contributors have built a thriving ecosystem around these projects, advancing static application security testing (SAST) and making it more accessible to all.

Introducing Opengrep: Keeping the Vision Alive

To ensure the continuity of the open and transparent SAST solution that Semgrep has pioneered, a consortium of more than ten organizations, including Jit, has launched Opengrep, a fork of Semgrep OSS. Opengrep preserves the foundational principles of openness and community-driven development, ensuring that static code analysis remains a shared standard that developers can rely on.

Our Commitment to Opengrep:

  • Accessibility For Everyone: Opengrep’s engine and rules will remain open and transparent, free from the restrictions that hinder innovation or adoption.

  • Improved Functionality: By restoring access to features that were set to become restricted and introducing innovative new capabilities, Opengrep strives to deliver a more powerful and versatile scanning engine.

  • Long-Term Stability: To guarantee its open future, Opengrep will eventually transition to foundation management, safeguarding its independence from any single vendor.

  • Community Collaboration: Contributions and pull requests will be evaluated on merit, ensuring a vibrant and inclusive ecosystem.

Why Opengrep Matters

The mission of Opengrep is simple yet profound: democratize static code analysis to empower developers to build secure software without barriers. By pooling resources and expertise, the Opengrep consortium is committed to advancing static code analysis, enabling:

  • A backward-compatible engine that integrates seamlessly into existing workflows.

  • Improved scanning capabilities, unlocking new possibilities for community rules.

  • Assurance that your rules remain portable and not tied to specific vendors.

What’s Next?

We’re looking forward to continuing and growing our partnership with Semgrep on their commercial offerings, as we believe they will remain a leader and innovator in the security space.

We’re also excited to continue our support in helping grow the Opengrep community and project, as driving innovation in OSS is at the core of who we are at Jit. 

If you’d like to learn more about the plans for Opengrep, join us for our virtual open roadmap session on Thursday, February 20th. Let’s work together to make secure software development scalable, accessible, and impactful for everyone!

For more details, visit opengrep.dev or reach out to me directly at aviram@jit.io