Last month, Semgrep announced significant changes to its open-source (OSS) projects for static application security testing (SAST). These changes include altering the license of its OSS rules repository and moving essential features of its OSS engine behind a commercial license. The development creates a critical gap in the availability of open, accessible, and shareable SAST solutions for the development, DevOps, and security communities.

In response, Orca, along with other leading security vendors and community members, is working to launch Opengrep, a truly open-source initiative supported by community sponsorship. A fork of Semgrep, Opengrep is designed to ensure that SAST remains accessible, transparent, and collaborative. The Opengrep manifesto outlines the vision and principles driving the project, emphasizing its commitment to openness and innovation.

At Orca, we are committed to driving innovation and collaboration in the cloud-native and application security ecosystem. As a leader in this space, we recognize the importance of contributing to initiatives that empower the broader community and strengthen the tools they rely on. As Orca develops capabilities for our customers, we have future plans to bring Opengrep into the Orca Cloud Security Platform.

By supporting Opengrep, we’re not only enhancing the experience for our customers but also providing value to developers, DevOps engineers, and security professionals across the industry. Opengrep ensures that reliable and effective SAST capabilities remain available to meet the evolving needs of the community, regardless of their tools or platforms. Together, we’re fostering a stronger, more secure future for cloud-native environments.

From Opengrep to OSS and Beyond: Orca’s Smart Platform Approach

At Orca Security, we understand the complexity of modern cloud environments, where organizations rely on a diverse range of tools to build, deploy, and manage applications at scale. Our guiding principle is to create a Smart Platform for cloud security that not only protects your entire technology stack but also seamlessly integrates with your existing workflows and tools.

Unlike solutions that silo security insights within their own platforms, Orca fosters an open and interoperable ecosystem. We ensure security intelligence reaches the right people—when, where, and how they need it most. Our Smart Platform doesn’t just provide comprehensive cloud visibility; it also delivers actionable intelligence directly to your development, DevOps, and security teams through the tools they already use.

For example, with Orca, developers can resolve security issues without ever leaving their version control or ticketing systems, gaining all the context they need to take action. Meanwhile, security teams gain a unified view of cloud risks, tracing vulnerabilities and misconfigurations back to their source in code or pipelines. This holistic approach simplifies collaboration and empowers every team to play their part in securing the organization.

Our integration-first philosophy underscores this commitment. Orca integrates with more than 50 leading platforms spanning ticketing systems, version control systems, and security tools. These deep integrations ensure that our customers can maximize the value of their existing investments while enhancing visibility and collaboration across teams.

We are pleased to integrate Opengrep as our SAST engine, enhancing our ability to deliver comprehensive and reliable secure code analysis with greater precision and confidence. As a community-driven, open-source SAST solution, Opengrep enhances the flexibility and options available to our customers and prospects. More importantly, we support Opengrep as a vital open-source initiative that benefits everyone in the cloud-native ecosystem—whether they rely on Orca or another security platform.

Orca and our Support of Open Source

At Orca, our commitment to advancing OSS goes beyond the community projects we proudly contribute to, including Opengrep. We have also launched and continue to maintain our own open-source projects, all of which help strengthen cloud-native security. They include:

  • AI Goat: The first open-source hands-on learning environment for AI security. Based on the OWASP Machine Learning Top Ten list, AI Goat teaches security practitioners and pen-testers how attackers can exploit AI-specific vulnerabilities and how to defend against AI-focused attacks.
  • The IAM AWS Policy Evaluator: An open-source and automated tool, IAM AWS Policy Evaluator simplifies the process of calculating effective permissions for an AWS entity. The project helps users fortify cloud security postures.
  • KTE: An open-source project, KTE is a Kubernetes Testing Environment for Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS). KTE enables users to improve their Kubernetes security by offering a controlled and safe environment to detect and address potential vulnerabilities before production.

Learn more

If you’re interested in learning more about our Smart Platform or seeing it in action, schedule a personalized demo with one of our experts.