echoloc
Get started
echoloc/ Companies/ Semgrep

Semgrep Tech Stack

Static analysis + AI for embedded code security across SAST, SCA, and secrets

Software Development San Francisco, California 201–500 employees Founded 2017 Privately Held
semgrep.dev LinkedIn

Semgrep combines deterministic static analysis with large language models (GPT-4, Anthropic, Hugging Face) to detect vulnerabilities, triage risk, and suggest fixes directly in development workflows. The company is actively adopting multiple AI vendors while maintaining OCaml and Rust for its core analysis engine, signaling a shift toward AI-assisted remediation. Sales hiring (15 open roles) outpaces engineering (9), pointing to post-product-market-fit expansion into larger enterprise accounts.

Tech Stack 39 technologies

Core StackCursor Python TypeScript PostgreSQL Slack Salesforce OpenTelemetry Datadog React Flask Kubernetes AWS Snowflake Figma GitLab CircleCI Jenkins Rust Rippling Outreach OCaml GPT-4 Codex SQLAlchemy Dropbox Buildkite Subversion Perforce GCP Dgraph+8 more
AdoptingOpenAI Anthropic Hugging Face AWS

What Semgrep Is Building

Challenges

  • Reducing false positives
  • Reducing software vulnerabilities before go live
  • Improving vulnerability detection quality
  • Minimizing customer friction
  • Shrinking backlog
  • Reducing churn risk
  • Scaling sales organization
  • User acquisition and activation
  • Supporting citizen developers
  • Improving adoption

Active Projects

  • Automation for semgrep deployment
  • Content creation for external consumption
  • Reimagine the information architecture of the semgrep app
  • Executive business reviews
  • Develop llm prompt chains for developer use cases
  • Develop new tooling and training processes
  • Create troubleshooting playbooks
  • Write documentation
  • Drive new user registrations and activations by reducing barrier to adopt ai product features
  • Personalized success plans

Hiring Activity

Accelerating40 roles · 20 in 30d

Department

Sales
15
Engineering
9
Marketing
4
Support
3
Security
2
Design
1
Ops
1
Product
1

Seniority

Senior
22
Junior
3
Manager
3
Staff
3
Director
2
VP
2
Mid
1
Company intelligence

Find more companies like Semgrep by tech stack, pain points and active projects

Get started free

About Semgrep

Semgrep is a code security platform that unifies SAST, SCA, and secrets scanning into a single developer-focused tool. The product embeds security checks into CI/CD pipelines and IDEs, catching vulnerabilities before code ships. The platform uses deterministic static analysis paired with AI reasoning to reduce false positives and prioritize reachable risks. Teams across multiple development environments (Python, TypeScript, JavaScript) can define or reuse security rules in a portable format. Customers span mid-market and enterprise (201–500 employees), with sales and customer success operations running on Salesforce and Outreach.

HeadquartersSan Francisco, California
Company Size201–500 employees
Founded2017
Hiring MarketsUnited States, Australia, United Kingdom, Singapore

Frequently Asked Questions

What tech stack does Semgrep use?

Core analysis: OCaml and Rust. Backend: Python, TypeScript, PostgreSQL, Flask. Infrastructure: Kubernetes, AWS, GCP. Integrations: GitLab, CircleCI, Jenkins, Buildkite. AI: GPT-4, Codex. Observability: Datadog, OpenTelemetry.

Where is Semgrep hiring?

United States, Australia, United Kingdom, and Singapore. Most roles are posted in the US market.

How this profile is built

Semgrep's technology stack, projects, and hiring signals are inferred from public hiring and company data — career pages, public listings, and company web presence — then clustered and de-duplicated. Figures are estimates that refresh over time. Read our full methodology →

This is not an official vendor or customer list. It is a technology-adoption signal inferred from public data, intended for B2B research.