An application security platform built on a fast static analysis engine that finds and helps fix code vulnerabilities.

Is Semgrep open source?

Yes, its core engine is open source, with a commercial platform adding dataflow analysis, dependency scanning, and AI features.

How much has Semgrep raised?

$204M total, including a $100M Series D led by Menlo Ventures in February 2025.

What languages does it support?

Semgrep supports dozens of programming languages for pattern-based scanning.

Yes, it includes AI-assisted triage to reduce false positives and propose fixes.

Startups AI Code Review Semgrep

Semgrep

Active

Autonomous code security and static analysis for developers

📍 San Francisco 📅 Founded 2017 🏷 AI Code Review

Visit website

Total raised

$100M

1 round

Stage

Series D

Feb 2025

Team

—

Pricing

Freemium

free plan

Founded

2017

San Francisco

Agent-ready

API · Webhooks

Score 75/100

About Semgrep

Overview

Semgrep is an application security company built around a fast, open-source static analysis engine that scans source code for vulnerabilities and bugs using lightweight, pattern-based rules. Originally created at r2c, Semgrep has grown into a full code security platform that combines SAST, software composition analysis, and secrets detection with increasingly autonomous, AI-assisted triage and remediation.

Platform and AI

Semgrep's engine supports dozens of languages and lets teams write custom rules that look like the code they are checking. Its commercial platform layers on dataflow analysis, dependency scanning, and an AI assistant that reduces false positives and proposes fixes, allowing security programs to scale without slowing developers. The approach emphasizes integrating security directly into developer workflows and CI pipelines.

Funding and Adoption

Semgrep raised a $100M Series D led by Menlo Ventures in February 2025, with participation from Felicis, Harpoon, Lightspeed, Redpoint, and Sequoia, bringing total funding to $204M. The platform is widely adopted across engineering organizations that want cost-effective, high-signal code security embedded in their development process.

Key capabilities

Fast pattern-based static analysis (SAST)

Software composition analysis

Secrets detection

Custom rule authoring

AI-assisted triage and fixes

CI/CD pipeline integration

Open-source core engine

Agent readiness

75/100

Agent-ready

MCP server

Public API

Webhooks

OAuth 2.0

SDKs · Python

Funding history

1 · $100M

Feb 2025 Series D $100M ● Menlo Ventures

Capital network

$204M raised ·6 backers·10 network links

Backers6
Menlo VenturesLead investorLead Sequoia Capital1 round Redpoint Ventures1 round Lightspeed Venture Partners1 round Felicis Ventures1 round Harpoon Ventures1 round
Shared portfoliocompanies these backers also fund
Anthropic2 Aurora2 OpenRouter2 Inferact2 FLORA2
Extended networkfunds that co-invest alongside them
Lightspeed Venture Partners5 Andreessen Horowitz3 Spark Capital3 Salesforce Ventures3 Amazon3

Key operators

Drew Dennison

co-founder

Isaac Evans

ceo

Alternatives

6 All →

Upwind

Runtime-first cloud security platform

AI for Cyber Defense

Noma Security

End-to-end security for agentic AI

AI InfrastructureAI for Cyber Defense

XBOW

Autonomous offensive security AI

AI for Cyber Defense

Snyk

The AI Security Fabric for securing code, models, and agents in the age of AI-driven development.

AI Developer ToolsAI for Cyber Defense

Greptile

AI code review agent with complete codebase context

AI Code Review

WitnessAI

AI safety and governance platform for the enterprise

AI SafetyAI Governance

Frequently asked

What is Semgrep?: An application security platform built on a fast static analysis engine that finds and helps fix code vulnerabilities.
Is Semgrep open source?: Yes, its core engine is open source, with a commercial platform adding dataflow analysis, dependency scanning, and AI features.
How much has Semgrep raised?: $204M total, including a $100M Series D led by Menlo Ventures in February 2025.
What languages does it support?: Semgrep supports dozens of programming languages for pattern-based scanning.
Does Semgrep use AI?: Yes, it includes AI-assisted triage to reduce false positives and propose fixes.

Discussion

Watching

Get Semgrep updates

New funding, product launches, and team changes — to your inbox.

Follow startup

Claim ownership

Verify with your work email to manage this listing.

Explore more around Semgrep

Contextual paths to related AI startups, deals and rankings.

Similar to Semgrep

Compare

Alternatives

All alternatives to Semgrep

Semgrep

Claim Semgrep

Enter your code

Claim approved

Claim received

Claim Semgrep

Enter your code

Claim approved

Claim received

About Semgrep

Overview

Platform and AI

Funding and Adoption

Key capabilities

Agent readiness

Funding history

Capital network

Key operators

Drew Dennison

Isaac Evans

Alternatives

Upwind

Noma Security

XBOW

Snyk

Greptile

WitnessAI

Frequently asked

Explore more around Semgrep

Similar to Semgrep

Categories

Compare

Alternatives

Rankings