{"id":"semgrep-api","name":"Semgrep API","af_score":77.6,"security_score":null,"reliability_score":null,"what_it_does":"Semgrep is a fast, open-source static analysis engine with a cloud platform (Semgrep AppSec Platform) for managing findings across codebases at scale. The REST API provides programmatic access to scan findings, project management, deployment configuration, and supply chain vulnerability data. Semgrep's rule language enables custom pattern matching without complex ASTs, making it popular for both security research and DevSecOps automation. The API is the automation layer for teams running Semgrep in CI/CD and wanting to build custom triage, reporting, or remediation workflows.","best_when":"You run Semgrep in CI/CD and need to programmatically access findings, manage policy, or build automated triage and reporting workflows on top of code scanning results.","avoid_when":"You need API access but are on the Free plan (no API access), or you need runtime/DAST capabilities rather than static source analysis.","last_evaluated":"2026-03-01T09:50:06.175816+00:00"}