Introducing Semgrep Assistant

Automated recommendations for triage and code remediation using Semgrep assisted by GPT-4

Semgrep Assistant demo

See examples of how Semgrep Assistant can help with code remediation and triaging security issues.


April 04, 2023 · 4 min read
Raja Rao DV

FAQs

Because this feature involves sharing code snippets with a third party, we take extra steps to secure your data. First, code snippets are shared with OpenAI without identifying the customer or the repository name. Second, we share only the amount of code necessary for GPT to help automate the resolution of each specific alert. Finally, Semgrep accesses source code repositories only on a file-by-file basis; we do not need or request org-level access to your codebase.

Semgrep Assistant is an opt-in, invitation-only private beta that does not impact customers unless they choose to participate. Please contact [email protected] with any questions.

Yes, the Semgrep Assistant feature submits part of the file that has a finding in it to OpenAI for processing by a GPT model. OpenAI is not allowed to use the submitted code for training their models.

No personal information is shared with OpenAI as a part of the Semgrep Assistant feature. 

No. Your source code remains yours, and it will only be accessed by Semgrep or OpenAI to the limited extent necessary to provide the Semgrep Assistant service to you. Once results are returned to you, Semgrep deletes the snippets that were shared. OpenAI retains copies of the content sent to them for a maximum of 30 days for the purpose of monitoring abuse, as indicated in their API Data Usage Policies.

No. Because Semgrep will be accessing OpenAI’s services via API, OpenAI will not use any of the content we provide to them for the purpose of improving their services (see Section 3(c) of their Terms of Use).

Yes, to a limited extent. Specifically, the sharing of code snippets with Semgrep as part of this feature expands the scope of the data to which you grant us a limited license in order to provide our services to you (see Section 5.1 of our Subscriber Agreement).
