Semgrep Tech Stack

Static analysis platform combining deterministic scanning with AI for code security

Software Development · San Francisco, California · 201–500 employees · Founded 2017 · Privately Held

Semgrep is a code security platform that merges static analysis with AI reasoning to detect and triage vulnerabilities in development workflows. The stack—Python, TypeScript, PostgreSQL, Dgraph, plus integrations with OpenAI, Anthropic, and Hugging Face—shows heavy investment in both deterministic rule-based detection and LLM-powered reasoning. Active adoption of Elasticsearch, Cursor, and Claude signals continued prioritization of AI-assisted vulnerability understanding and developer experience, while the sales-forward hiring mix (20 sales roles against 16 engineering) reflects a company scaling GTM alongside product maturation.

Tech Stack 36 technologies

Core Stack: Snowflake, Figma, Python, TypeScript, PostgreSQL, Slack, Salesforce, Rippling, OpenAI, Anthropic, Hugging Face, AWS, OpenTelemetry, Datadog, React, Flask, Kubernetes, AWS RDS, Marketo, Asana, Dgraph, LinkedIn, Outreach, Google, OCaml, GPT-4, Codex, Claude, SQLAlchemy, Aurora, +2 more

What Semgrep Is Building

Challenges

  • Reducing false positives
  • Minimizing customer friction
  • Reducing software vulnerabilities before go live
  • Reduce false positives backlog
  • Improving vulnerability detection quality
  • Shrinking backlog
  • Reducing noise from vulnerability alerts
  • Accelerating adoption across engineering and security teams
  • Expanding partner ecosystem
  • Improving cross-functional repeatability

Active Projects

  • Content creation for external consumption
  • Creating tools for non-designers to make better design decisions
  • Partner-led growth plan
  • Customer adoption automation
  • Automation for Semgrep deployment
  • Designing experiences for AppSec engineers in the IDE
  • Cross-product integrations for vulnerability triage
  • Customer satisfaction improvement
  • CS operating model
  • Data systems architecture

Hiring Activity

Steady · 55 roles · 25 in 30d

Department

  • Sales: 20
  • Engineering: 16
  • Marketing: 5
  • Security: 4
  • Design: 2
  • Data: 1
  • Finance: 1
  • HR: 1

Seniority

  • Senior: 29
  • Manager: 6
  • Mid: 6
  • Staff: 6
  • Junior: 4
  • Director: 1
  • Lead: 1

About Semgrep

Semgrep provides a unified platform for static application security testing (SAST), software composition analysis (SCA), and secrets scanning, integrating directly into developer workflows and CI/CD pipelines. The company serves engineering and security teams at mid-to-large organizations, particularly those prioritizing shift-left security practices. The product combines deterministic pattern matching with AI-powered analysis to reduce false positives and surface reachable vulnerabilities. Core operational challenges center on alert fatigue—minimizing false positives, reducing noise, and accelerating team adoption—alongside cross-product integrations for triage workflows and expansion of partner-led distribution channels.

Headquarters: San Francisco, California
Company Size: 201–500 employees
Founded: 2017
Hiring Markets: United States, United Kingdom, Australia

Frequently Asked Questions

What tech stack does Semgrep use?

Core: Python, TypeScript, PostgreSQL, Dgraph. Infrastructure: AWS, Kubernetes, RDS, Aurora. AI: OpenAI, Anthropic, Hugging Face, Claude, GPT-4. Data/ops: Snowflake, Datadog, OpenTelemetry. Sales tools: Salesforce, Outreach, Rippling, Marketo.

What AI models does Semgrep integrate?

OpenAI (GPT-4, Codex), Anthropic (Claude), and Hugging Face models. Currently adopting Claude and GitHub Copilot as part of expanded AI-assisted detection and remediation workflows.
