Summary: A coalition of nine application security providers is launching a fork of the Semgrep code-scanning project, creating Opengrep, after Semgrep transitioned some features to a paid version. The new initiative aims to restore key functionalities and maintain neutrality by being owned collectively rather than by a single vendor. This move comes in response to concerns over Semgrep’s strategic shifts that limited the usability of its open-source offerings.
Affected: Semgrep and its user community
Key points:
- Opengrep will retain the LGPL license and restore lost functionalities like JSON and SARIF exports.
- The initiative seeks to create a shared project to avoid vendor control over the codebase.
- Some in the security community criticize the forking move, arguing it undermines existing open-source efforts.
- Opengrep aims to fill the gap created by Semgrep’s shift toward a paid model, which removed features from the Community Edition.
- Two software engineers have already been financed to kickstart the Opengrep project.