Important updates to Semgrep OSS
Blog post from Semgrep
Semgrep has rebranded its open-source tool, Semgrep OSS, as Semgrep Community Edition to emphasize its free, community-centric nature and to differentiate it from commercial offerings. The rebranding includes a new licensing model, the Semgrep Rules License v.1.0, which restricts the use of Semgrep-maintained rules to internal, non-competing contexts; this affects vendors that use these rules in competing products or SaaS offerings. The tool remains free, with over 2,800 rules, and is aimed at individuals and security professionals who need quick scans, whereas AppSec teams are directed to the Semgrep AppSec Platform for scalable solutions. Additionally, certain internal fields in the JSON and SARIF outputs, along with experimental features, are being transitioned to the logged-in commercial engine. Semgrep is committed to balancing its commercial growth with community support: it is providing a grace period until January 31, 2025, for vendors to adjust their usage, and it welcomes feedback to ensure a successful transition.