Imagine a world where static code analysis is scalable, accessible, and impactful for all. Opengrep is a true open-source detection engine to unlock security for every developer, share insights, and transform AppSec into a global force for secure innovation.

Hey Product Hunt – Roeland from Aikido.dev here. TL;DR Together with 10 rival security orgs, we’re excited to launch Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. Why Opengrep? Recently, Semgrep made changes that shifted critical features of its OSS engine and community-contributed rules behind a commercial license. While this was their decision, it left a gap for developers and organizations who believe security should be collaborative, open, and freely available. Enter Opengrep. What makes Opengrep special – A fully open-source static code analysis engine with no hidden features or license constraints. – Backward compatibility with common JSON and SARIF outputs, making adoption seamless. – Community-focused development, with contributions reviewed and accepted on merit—not tied to any single company’s commercial goals. – Your rules won’t be locked into specific vendors, so you can take them easily between your jobs no matter which code security provider they use. – Long-term stability and future-proofing with plans to transition Opengrep under foundation management. Our mission: discovering security issues must remain accessible to all. Opengrep will empower every developer with open and transparent SAST, making secure software development a shared standard. Whether you’re a developer, security engineer, or part of a vendor community, your contributions matter! Join us in building a robust, open alternative that prioritizes progress and accessibility. How you can get involved: – Give Opengrep a try and let us know your feedback. – Contribute to the project—our doors are open for PRs and community ideas. – Join our open roadmap session on February 20th to shape the future of Opengrep. Registration link can be found on Opengrep socials. Security is for everyone, and we’re here to make it a reality. Let’s build something amazing together! Drop any questions or thoughts in the comments—we’d love to hear from you.

@roelandd that's fire ❤️‍🔥

I didn't think 2025 would start with a slack group working together with all of our direct competitors... The thing is– open source license changes and critical feature migration cause uncertainty and disruption for the communities that use them. Vendor-led open-source often prioritize commercial interests over community to make it to the “big leagues.” And that sucks. So, we’re taking action. Together, we are rallying behind Opengrep, in a coordinated, industry-wide stand to protect open-source and make secure software development a shared standard. What can you expect? Performance improvements, unlocking pro-only features, extended language supports, migrating critical features back to the engine, and new advancements: windows compatibility, cross-file analysis, the roadmap is long. Let's work together to advance and ensure an open future for security for devs. Aikido Security is joined by the co-founders of Nir Valtman (CEO, Arnica), Ali Mesdaq (CEO, Amplify Security), Varun Badhwar (CEO, Endor Labs), Aviram Shmueli (CIO, Jit), Pavel Furman (CTO, Kodem), Liav Caspi (CTO, Legit), Eitan Worcel (CEO, Mobb), and Yoav Alon (CTO, Orca Security) as the launching sponsors. Leverage and contribute to Opengrep today. Join the open roadmap session on 20th February. Follow along on X. Open an issue on https://github.com/opengrep/open....

@madelinelawren 🔥🔥🔥 For those interested, resharing link to the roadmap session: https://lu.ma/07bivwlz

@madelinelawren @michieldenis Pretty crazy how this has gotten so much traction in so little time!

Hey Product Hunt! 👋 We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀 🤔 Why Opengrep? Recently, Semgrep made changes that shifted critical features of its OSS engine and community-contributed rules behind a commercial license. While this was their decision, it left a gap for developers and organizations who believe security should be collaborative, open, and freely available. Enter Opengrep. 🌟 What makes Opengrep special – A fully open-source static code analysis engine with no hidden features or license constraints. – Backward compatibility with common JSON and SARIF outputs, making adoption seamless. – Community-focused development, with contributions reviewed and accepted on merit—not tied to any single company’s commercial goals. – Your rules won't be locked into specific vendors, so you can take them easily between your jobs no matter which code security provider they use. – Long-term stability and future-proofing with plans to transition Opengrep under foundation management. 🌐 Our mission: discovering security issues must remain accessible to all. Opengrep will empower every developer with open and transparent SAST, making secure software development a shared standard. 💻 Whether you’re a developer, security engineer, or part of a vendor community, your contributions matter! Join us in building a robust, open alternative that prioritizes innovation and accessibility. 💬 How you can get involved: – Give Opengrep a try and let us know your feedback. – Contribute to the project—our doors are open for PRs and community ideas. – Join our open roadmap session on February 6th to shape the future of Opengrep. Registration link can be found on Opengrep socials. Security is for everyone, and we’re here to make it a reality. Let’s build something amazing together! 🔒✨ Drop any questions or thoughts in the comments—we’d love to hear from you. 😊 #OpenGrep #OpenSource #CodeSecurity

Opengrep

The open source static code analysis engine

The open source static code analysis engine

Opengrep

The open source static code analysis engine

The open source static code analysis engine

Do you use Opengrep?

Do you use Opengrep?