| Languages | Semgrep Code Supports 35+ languages | Semgrep Supply Chain Supports 14 languages |
|---|---|---|
| C# | Generally available • Cross-file dataflow analysis • Supports up to C# 13 • 170+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| Go | Generally available • Cross-file dataflow analysis • 80+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| Java | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 190+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses |
| JavaScript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 250+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| Kotlin | Generally available • Cross-file dataflow analysis • 60+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses |
| Python | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 710+ Pro rules • See Python-specific support details | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| Typescript | Generally available • Cross-file dataflow analysis • Framework-specific control flow analysis • 230+ Pro rules | Generally available • Reachability analysis • Can detect malicious dependencies • Can detect open source licenses |
| C / C++ | Generally available • Cross-file dataflow analysis • 150+ Pro rules | N/a |
| JSX | Generally available • Cross-function dataflow analysis • 70+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses |
| Ruby | Generally available • Cross-function dataflow analysis • 40+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| Scala | Generally available • Cross-function dataflow analysis • Community rules | Generally available • Reachability analysis • Can detect open source licenses |
| Swift | Generally available • Cross-function dataflow analysis • 60+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses |
| Rust | Generally available • Cross-function dataflow analysis • 40+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses • Can detect malicious dependencies |
| PHP | Generally available • Cross-function dataflow analysis • 50+ Pro rules | Generally available • Reachability analysis • Can detect open source licenses |
| Terraform | Generally available • Cross-function dataflow analysis • Community rules | N/a |
| Generic | Generally available | N/a |
| JSON | Generally available | N/a |
| Elixir | Generally available | Beta |
| APEX | Beta | — |
| Dart | Experimental | Beta |
Click to view experimental languages for Semgrep Code.
Click to view experimental languages for Semgrep Code.
- Bash
- Cairo
- Circom
- Clojure
- Dockerfile
- Hack
- HTML
- Jsonnet
- Julia
- Lisp
- Lua
- Move on Aptos
- Move on Sui
- OCaml
- R
- Scheme
- Solidity
- YAML
- XML
Additional information
Language maturity levels differ from feature and product maturity levels.- See Language maturity levels for maturity definitions used on this document.
- See Feature definitions for analysis terminology definitions used on this document.
- See Package manager support for Supply Chain dependency metadata support.
- See Supply Chain feature support for Supply Chain feature coverage by language.