This document provides information on how Semgrep calculates usage for billing purposes and is intended for users with paid Semgrep Code, Supply Chain, or Secrets licenses.
A contributor is someone who has made at least one commit to a Semgrep-scanned private repository within the last 90 days, starting from the date of license purchase if a license was purchased, or the date of account creation, for accounts using Semgrep within usage limits.
Any Semgrep AppSec Platform scan counts towards the contributor total. This includes:
Scanning with Semgrep Code, Secrets, or Supply Chain
Full scans on a repository or partial scans on a pull request or merge request
Semgrep computes contributor counts for any scan initiated by a logged-in user running semgrep ci or semgrep scan. The semgrep scan command is subject to the usage limit when invoked by a logged-in contributor.
FREE LICENSE
Semgrep Code and Semgrep Supply Chain are free for organizations with 10 or fewer monthly contributors. If your organization needs Code and Supply Chain licenses for more than 10 contributors, you must purchase Team licenses.
Contributor usage across multiple Semgrep organizations
If your company creates multiple Semgrep organizations, the contributor limit applies to all of them. For example, if your company creates three Semgrep organizations, each with the following number of contributors:
Organization 1 has 8 contributors
Organization 2 has 9 contributors
Organization 3 has 10 contributors
Your company has 27 contributors across three organizations, so you need licenses for all 27.
Each Semgrep license, regardless of plan, includes a monthly allocation of AI credits for AI-powered features.
| Plan | AI credits per month |
| --- | --- |
| Free | 60 credits per month |
| Team | 20 credits per contributor per month |
| Enterprise | 50 credits per contributor per month |
If you have a Team or Enterprise plan, you can purchase additional credits as needed in increments of 10,000 credits.
Entitlement credits, or the credits that come with your Semgrep licenses, expire at the end of your contract and do not roll over. Credits that you purchase expire at the end of your contract, but they can be rolled over once to the following year.
The following table lists the credits required for AI-powered features:
| Feature | AI credits required |
| --- | --- |
| AI-powered pull request or merge request comments | 0 credits |
| AI analysis* | 1 credit per finding |
| AI autofix | 20 credits per finding |
| AI-powered detection scanning** | Variable per scan |
*Includes autotriage, remediation guidance, and component tagging
**AI-powered detection scans use a variable number of credits per scan. Credit use depends on scan size and complexity, so larger or more complex scans may use more credits.
Within your team or organization, assess the number of contributors. Contributors are members of your organization who make commits. That determines the number of licenses needed for the plan purchase.
For example, if a project has 4 unique contributors who create commits during the billing period while Semgrep is scanning their repositories, only 4 licenses are required, even if the organization has 10 members. Contributors are counted only once, even if they commit to many projects within the same organization, so no additional licenses are required.
All members of the organization, regardless of contributor (license) status, have access to paid features for the chosen tier. This means that project managers and other non-programming roles can still view the Semgrep AppSec Platform dashboard.
Semgrep scans stop if you have too many contributors. You can resume scanning by:
Purchasing additional licenses. See [Additional usage and reconciliation of licenses] for additional information on how these purchases affect your account.
Waiting for the next billing cycle, which is when your usage limits reset.
If you’re using a free license, Semgrep automatically starts a free trial of the Teams plan for you if it is the first time that you exceed your usage limits.
There are no contributor limits on public projects.