Opengrep

The open source code security engine

Open Source
Developer Tools
GitHub
Security

The fully open source code analysis engine. Quickly analyze large code bases & fix security issues at scale. Initiated by 10 rival security orgs, Opengrep promises to advance and commoditize static code security for the free use of all.

Top comment

Hey Product Hunt – Roeland from Aikido.dev here.

TL;DR Together with 10 rival security orgs, we’re excited to launch Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone.

Why Opengrep? Recently, Semgrep made changes that shifted critical features of its OSS engine and community-contributed rules behind a commercial license. While this was their decision, it left a gap for developers and organizations who believe security should be collaborative, open, and freely available. Enter Opengrep.

What makes Opengrep special
– A fully open-source static code analysis engine with no hidden features or license constraints.
– Backward compatibility with common JSON and SARIF outputs, making adoption seamless.
– Community-focused development, with contributions reviewed and accepted on merit—not tied to any single company’s commercial goals.
– Your rules won’t be locked into specific vendors, so you can take them easily between your jobs no matter which code security provider they use.
– Long-term stability and future-proofing with plans to transition Opengrep under foundation management.

Our mission: discovering security issues must remain accessible to all. Opengrep will empower every developer with open and transparent SAST, making secure software development a shared standard.

Whether you’re a developer, security engineer, or part of a vendor community, your contributions matter! Join us in building a robust, open alternative that prioritizes progress and accessibility.

How you can get involved:
– Give Opengrep a try and let us know your feedback.
– Contribute to the project—our doors are open for PRs and community ideas.
– Join our open roadmap session on February 20th to shape the future of Opengrep. Registration link can be found on Opengrep socials.

Security is for everyone, and we’re here to make it a reality. Let’s build something amazing together!

Drop any questions or thoughts in the comments—we’d love to hear from you.

Comment highlights

Opengrep is a great tool for analyzing the security of open-source code! It allows you to quickly analyze large codebases and effectively resolve security issues at a scalable level.

Like James said “if you pull the rug from under an open source project, you’re gonna get forked!” It felt weirdly good working with all our competitors on this. Big step for the community.

Really interesting to see a tool created by rival security organizations—didn’t expect that! The idea of quickly analyzing large codebases for security issues sounds super useful, but it makes me wonder how easy it is to set up and what languages it supports. Definitely worth checking out since it’s free and open source!

I always love to see a tool that is working towards a greater good & Opengrep seems exactly this sort of platform. I look forward to giving it a try very soon! Best of luck w/ the launch Roeland & team!!

Semgrep: let's democratize expensive and exclusive security software with an open-source project 🌈
Devs: Yay awesome!
Also Semgrep: holddddd up we can actually make loads of money off of this now...
Devs: nooooooo why
Opengrep: I gotchu fam 😎

At Aikido Security, we’re proud to be part of this industry-wide collaboration to create a truly open source static code analysis engine. We’re also focused on growing the r/opengrep Reddit community, a space for developers, security enthusiasts, and contributors to share ideas and collaborate on improving the Opengrep engine. Come join the conversation here if you want to be involved!

I didn't think 2025 would start with a Slack group working together with all of our direct competitors...

The thing is – open source license changes and critical feature migration cause uncertainty and disruption for the communities that use them. Vendor-led open source often prioritizes commercial interests over community to make it to the “big leagues.” And that sucks. So, we’re taking action.

Together, we are rallying behind Opengrep, in a coordinated, industry-wide stand to protect open source and make secure software development a shared standard.

What can you expect? Performance improvements, unlocking pro-only features, extended language support, migrating critical features back to the engine, and new advancements: Windows compatibility, cross-file analysis, the roadmap is long. Let's work together to advance and ensure an open future for security for devs.

Aikido Security is joined by the co-founders of Nir Valtman (CEO, Arnica), Ali Mesdaq (CEO, Amplify Security), Varun Badhwar (CEO, Endor Labs), Aviram Shmueli (CIO, Jit), Pavel Furman (CTO, Kodem), Liav Caspi (CTO, Legit), Eitan Worcel (CEO, Mobb), and Yoav Alon (CTO, Orca Security) as the launching sponsors.

Leverage and contribute to Opengrep today. Join the open roadmap session on 20th February. Follow along on X. Open an issue on https://github.com/opengrep/open....

Hey Product Hunt! 👋 We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀

🤔 Why Opengrep? Recently, Semgrep made changes that shifted critical features of its OSS engine and community-contributed rules behind a commercial license. While this was their decision, it left a gap for developers and organizations who believe security should be collaborative, open, and freely available. Enter Opengrep.

🌟 What makes Opengrep special
– A fully open-source static code analysis engine with no hidden features or license constraints.
– Backward compatibility with common JSON and SARIF outputs, making adoption seamless.
– Community-focused development, with contributions reviewed and accepted on merit—not tied to any single company’s commercial goals.
– Your rules won't be locked into specific vendors, so you can take them easily between your jobs no matter which code security provider they use.
– Long-term stability and future-proofing with plans to transition Opengrep under foundation management.

🌐 Our mission: discovering security issues must remain accessible to all. Opengrep will empower every developer with open and transparent SAST, making secure software development a shared standard.

💻 Whether you’re a developer, security engineer, or part of a vendor community, your contributions matter! Join us in building a robust, open alternative that prioritizes innovation and accessibility.

💬 How you can get involved:
– Give Opengrep a try and let us know your feedback.
– Contribute to the project—our doors are open for PRs and community ideas.
– Join our open roadmap session on February 6th to shape the future of Opengrep. Registration link can be found on Opengrep socials.

Security is for everyone, and we’re here to make it a reality. Let’s build something amazing together! 🔒✨

Drop any questions or thoughts in the comments—we’d love to hear from you. 😊

#OpenGrep #OpenSource #CodeSecurity