Hi everyone! We (a consortium of 10+ organizations in the application security space) are launching Opengrep, a fork of SemgrepCS (formerly SemgrepOSS), in response to recent changes by Semgrep that affect its open-source nature and shift focus to its paid offering, limiting access and innovation for the broader community.
Our commitment to Opengrep ensures that its static code analysis engine and rules remain accessible to everyone. We’re investing for the long term with a strong roadmap for impactful new features. Together, we will democratize Static Application Security Testing (SAST) and code security to empower developers to build more secure software.
Have any of you guys contributed previously to Semgrep OSS / other open source security projects? Would go a long way to establishing credibility here; I recommend putting it on your website.
If the answer is no, I’m a bit sussed out because then my interpretation of this situation is that 10 CEOs told their employees to fork Semgrep, and no parties involved understand what they are getting into/what the community wants.
I completely understand your concern. A few points to consider:
- Regarding hearing what the community wants, there is a public calendar with Q&A and roadmap discussions for the community: https://lu.ma/opengrep. I encourage you to voice your views there.
- Regarding commitment to contribute to Opengrep, the supporting companies are pooling resources to actively fund the project for the benefit of everyone.
https://www.opengrep.dev