Opengrep Open Source Project Launched
January 27, 2025

Endor Labs, Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb and Orca Security have launched Opengrep to ensure static code analysis remains truly open, accessible and innovative for everyone:

A fork of Semgrep OSS, the new project is in response to recent changes by Semgrep that compromise its open source nature and limit access and innovation for the broader community.

The new project, Opengrep is built on three core principles:

1. True Open Source: All features and capabilities remain accessible to everyone, with no artificial restrictions or commercial gates.

2. Community Governance: Development priorities are set collectively, with contributions evaluated based on merit rather than commercial interests.

3. Foundation Management: A clear 12-month roadmap to transition to foundation oversight (like OWASP or Linux Foundation) ensures long-term stability.

By switching to Opengrep, developers get:

- Full access to all scanning capabilities without feature restrictions

- Backward compatibility with existing workflows and JSON/SARIF outputs

- Portable security rules that work across any environment

- Community-driven feature development

- Long-term stability through foundation governance

“Static code analysis is too important to be restricted,” said Varun Badhwar, CEO and co-founder of Endor Labs. “As one of the creators of Opengrep, Endor Labs is ensuring that security tooling remains open, innovative, and accessible to all. This isn't just about preserving existing capabilities—it's about building a future where security tools evolve through collaboration rather than commercial interests. By preserving and advancing open source security tooling, we can create a more secure future for software development—one where security capabilities are democratized, innovation is unrestricted, and the community's needs come first.”

Share this

Industry News

February 10, 2025

Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.

February 10, 2025

Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.

February 07, 2025

Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.

February 06, 2025

GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.

February 06, 2025

Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.

February 06, 2025

Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.

February 06, 2025

Onapsis announced Onapsis Control Central for SAP application security testing and custom code security supporting RISE with SAP transformations.

February 05, 2025

Progress announced its recognition in the 2025 Gartner Magic Quadrant for Digital Experience Platforms.

February 05, 2025

Copado announced comprehensive DevOps support for Salesforce Data Cloud deployments, enabling organizations to streamline the development and deployment of Agentforce solutions.

February 05, 2025

Appfire announced its acquisition of Flow, an enterprise software product for Software Engineering Intelligence (SEI), from Pluralsight.

February 04, 2025

Check Point® Software Technologies Ltd. announced new Infinity Platform capabilities to accelerate zero trust, strengthen threat prevention, reduce complexity, and simplify security operations.

February 04, 2025

WaveMaker announced the release of WaveMaker AutoCode, an AI-powered plugin for the Figma universe that produces pixel-perfect front-end components with lightning fast accuracy.

February 04, 2025

DoiT announced the acquisition of PerfectScale, an automated Kubernetes (K8s) optimization and governance platform.

February 03, 2025

Linux Foundation Europe and OpenSSF announced a global joint-initiative to help prepare maintainers, manufacturers, and open source stewards for the implementation of the EU Cyber Resilience Act (CRA) and future cybersecurity legislation targeting jurisdictions around the world.