Introducing Semgrep and r2c

Blog post from Semgrep

Post Details
Company
Date Published
Author: Isaac Evans
Word Count: 749
Language: English
Hacker News Points: -
Summary

r2c has developed Semgrep, an open-source code scanning tool designed to enhance software security by allowing developers to create custom security rules in minutes, offering an alternative to traditional compliance tools and simple linters. Unlike conventional commercial security tools, Semgrep aims to build guardrails for developers, similar to the approaches used by tech giants like Google, Facebook, and Amazon. With the backing of Redpoint Ventures and Sequoia Capital, r2c raised $13 million to further develop this tool, which has seen rapid adoption and growth, including support for multiple programming languages and integration with platforms like GitHub and GitLab. Semgrep's syntax-aware search capabilities facilitate the enforcement of secure coding practices, thereby increasing developer productivity and reducing security risks. Additionally, r2c offers Semgrep Community, a free service for managing Semgrep CI, and Semgrep Teams, a paid enterprise service, both aimed at providing modern AppSec program infrastructure. The Semgrep Registry, which contains over 900 rules contributed by r2c and the community, further supports developers in maintaining secure codebases.