Security Rivals Unite to Launch "Opengrep" Following Semgrep Clampdown
SAN FRANCISCO, GHENT, BELGIUM and TEL AVIV, Israel, Jan. 23, 2025 /PRNewswire/ -- In an unprecedented move, 10+ competing security companies have united to launch Opengrep, a collaborative fork of Semgrep's code analysis engine. This move follows Semgrep's December 13 decision to restrict its open-source security project by changing its license and placing key features behind a commercial paywall. Semgrep is backed by Sequoia and used by a multitude of organizations and millions of developers worldwide.
The alliance spans Silicon Valley, Europe, and Israel, including Aikido Security, Arnica, Amplify Security, Endor Labs, Jit, Kodem, Legit Security, Mobb, and Orca Security. This coalition marks the first time direct competitors have joined forces to preserve open-source infrastructure. Inspired by earlier forks such as OpenSearch (of Elasticsearch) and OpenTofu (of Terraform), Opengrep represents a united stand to keep critical open-source tools free of commercial restrictions.
"Open-source license changes by private vendors can disrupt contributors and communities that help build these projects," reads the Opengrep manifesto, jointly authored by the consortium. "Semgrep's rebranding and license shift signal a departure from its commitment to democratize code security for developers."
Semgrep's open-source contributions included a pattern-matching engine licensed under LGPL 2.1 and a shared rules registry built with community input. Under the recent changes, however, community-contributed rules are now locked behind a commercial license, and essential features such as tracking ignores, fingerprinting, and meta-variables, all developed with community support, are no longer open source.
These changes, while positioned as affecting SaaS providers, disrupt end-users and developers reliant on Semgrep's open-source engine. "This harms the broader open-source ecosystem," note Opengrep sponsors. "The development community must now think twice before investing in open-source."
By pooling resources and expertise, the Opengrep consortium aims to advance and democratize code security analysis. The group has committed to placing Opengrep under foundation management, ensuring no single entity can impose restrictions. Initial contributions include capital and development expertise from each member.
Immediate benefits for developers:
- Decentralized project with multiple contributors, removing single-vendor dependence risk
- Support for critical features that are pro-only in Semgrep (full backward compatibility, fingerprinting, common JSON and SARIF output formats…)
- Enhanced scanning capabilities without commercial restrictions
- Vendor-independent, merit-based review of community contributions
- Rule portability: community-contributed rules will not be locked into commercial exclusivity
"Preserving access, innovation, and trust in open-source security tools is critical," states the consortium. "Opengrep will make secure software development a shared standard for all."
Developers and organizations can join Opengrep's open roadmap session on February 20th. Founders representing Opengrep's sponsors include Willem Delbare (Aikido Security), Nir Valtman (Arnica), Ali Mesdaq (Amplify Security), Varun Badhwar (Endor Labs), Aviram Shmueli (Jit), Pavel Furman (Kodem), Liav Caspi (Legit Security), Eitan Worcel (Mobb), and Yoav Alon (Orca Security).
Photo - https://mma.prnewswire.com/media/2604948/Opengrep_Slide.jpg
View original content to download multimedia: https://www.prnewswire.com/news-releases/security-rivals-unite-to-launch-opengrep-following-semgrep-clampdown-302358962.html
SOURCE Aikido Security