Semgrep

Name: Semgrep
Rating: 3.24 (1 reviews)
Author: Semgrep

#804 · by Semgrep

infra serverless GPU

3.24/ 5.00

trustedBeta

Mar 3, 2026 at 7:21 AM6 signals analysed100 commits (90d)No manual reviews · fully automated

Trust Signal Breakdown

high3 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

2 of 3 sub-signals with data

Known CVEs57%5.0

No known CVEs

via OSV.dev

Dependency Healthno data—

Weight redistributed to sub-signals with data

Supply Chain43%4.8

50 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

0 of 0 sub-signals with data

Commit recency, release cadence, issue response, CI/CD

0 of 0 sub-signals with data

Downloads, stars, dependents, and growth trajectory

0 of 0 sub-signals with data

License, documentation, security policy, changelog

0 of 0 sub-signals with data

Track record, org maturity, community standing

0 of 0 sub-signals with data

About this score

Scored across 3 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)

Trust AssessmentAI Assessment

Static analysis tool for finding bugs and enforcing code standards across 30+ languages

Package Availability (30d)

100.00%

p50: 72ms · p99: 75ms

Avg Latency

54ms

averaged across 30d health checks

Weekly Downloads

—

no package registry data

Transparency & Compliance5/5 passed

✓

Open Source CodePublic repository on GitHub

✓

OSI LicenseLicensed under LGPL-2.1

✓

DocumentationREADME with examples/code blocks

✓

SECURITY.mdSecurity policy published

✗

API DocumentationNo API documentation detected

Incidents & Alertslast 90 days

Mar 1Trust score decreased by 1.073.24

Feb 26Semgrep added to Trust Index4.62

Showing 2 of 2 events

Score History29 snapshots

5.003.752.501.250.00

Feb 26Mar 1

Community & Ecosystemadoption signals

100

Commits (90d)

semgrep

Releases

avg 11d apart

Supply Chain & Dependenciestrust chain

◈

attrs

pypi · >=21.3

◈

boltons

pypi · ~=21.0

◈

click

pypi · ~=8.1.8

◈

click-option-group

pypi · ~=0.5

◈

colorama

pypi · ~=0.4.0

◈

exceptiongroup

pypi · ~=1.2.0

Showing 6 of 27 dependencies

Data Sources6 indexed

◎

OSV.devCVE database · vulnerability scanning for npm & PyPI packages

◈

GitHub APICommits, issues, releases, repo metadata, transparency checks

⬡

npm RegistryPackage metadata, weekly downloads, maintainers, dependencies

⬡

PyPIPackage metadata, weekly downloads, dependency tree

△

HTTP Health Checks15-min pings · uptime, latency, status monitoring

◎

PyPI StatsDownload statistics and trends

Version Historyscore per release

VERSIONRELEASEDSCOREDELTA

v1.153.0Feb 25, 20264.52—

v1.152.0Feb 18, 20264.52—

v1.151.0Feb 4, 20264.52—

v1.150.0Jan 29, 20264.52—

v1.149.0Jan 21, 20264.52—

v1.148.0Jan 15, 20264.52—

Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card