Opengrep Static Analysis
Opengrep is a community-maintained, open-source static analysis tool forked from Semgrep. It uses the same rule syntax and CLI interface, making existing Semgrep rules and knowledge transferable.
Two Use Cases
1. Semantic Code Search (grep alternative)
When exploring a codebase, grep finds text patterns but misses structural patterns. Opengrep understands code structure:
| Task | Grep | Opengrep |
|---|---|---|
| Find text "execute" | Fast, works | Overkill |
| Find `cursor.execute(...)` calls | May match comments, strings | Matches only actual calls |
| Find functions that call `os.system` | Difficult | `pattern-inside` + `pattern` |
| Find unparameterized SQL queries | Nearly impossible | Taint mode |
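
The last two table rows written out as rules, as an added example that is not part of the original skill file; it uses Semgrep rule syntax, which the page says carries over to Opengrep. The rule ids, messages and the Flask request source are assumptions chosen for illustration.

```yaml
# Added example rules (constructed; not from the Opengrep project).
rules:
  # Table row "Find functions that call os.system": pattern-inside + pattern.
  - id: example-os-system-in-function   # hypothetical rule id
    languages: [python]
    severity: WARNING
    message: Function $FUNC calls os.system
    patterns:
      # Restrict matches to code inside a function body...
      - pattern-inside: |
          def $FUNC(...):
              ...
      # ...then match the call itself. Comments and string literals that
      # merely contain "os.system" are not calls, so they do not match.
      - pattern: os.system(...)

  # Table row "Find unparameterized SQL queries": taint mode.
  - id: example-tainted-sql-query       # hypothetical rule id
    mode: taint
    languages: [python]
    severity: ERROR
    message: Request data flows into the SQL text passed to execute()
    pattern-sources:
      # Assumed source: Flask request parameters.
      - pattern: flask.request.args.get(...)
    pattern-sinks:
      # Only the first argument (the query text) is the sink, so a
      # parameterized call such as
      #   cursor.execute("... WHERE id = %s", (user_id,))
      # is not reported even though user_id is tainted.
      - patterns:
          - pattern: $CURSOR.execute($QUERY, ...)
          - focus-metavariable: $QUERY
```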