Semgrep
Runs customizable code scans to identify bugs, security issues, and policy violations.
What is Semgrep?
The semgrep image packages Semgrep, a lightweight, open-source static analysis tool that runs customizable code scans to identify bugs, security issues, and policy violations. Designed for fast, CI-friendly scanning, Semgrep supports multiple programming languages and allows teams to write their own rules or use curated rulesets.
The image provides a CLI-driven interface for scanning source code in a containerized environment, making it ideal for use in CI pipelines, pre-commit hooks, or developer workflows. It’s widely used in modern AppSec and DevSecOps practices to enforce code quality and security standards without heavyweight tooling.
The semgrep image is maintained by Semgrep, Inc. (formerly r2c, Return to Corp) and supports both open-source and Semgrep Cloud Platform workflows.
How to use this image
The semgrep image runs the CLI and is most often used to scan a source tree bind-mounted into the container at /src, which is the image's working directory, so no explicit target path is needed. Mount the tree read-only (:ro) unless you rely on Semgrep's autofix; a scanner should not need write access to the code it inspects.
Scan local code using community rules:
<code>docker run --rm -v "$(pwd)":/src:ro returntocorp/semgrep semgrep scan --config=p/ci --quiet</code>
Use a custom ruleset (local directory, file, URL, or registry id). Targets are positional arguments, and --config is resolved inside the container, so a local rules/ directory must sit under the mounted tree (or be mounted separately):
<code>docker run --rm -v "$(pwd)":/src:ro returntocorp/semgrep semgrep scan --config=rules/ /src</code>
Authenticate with Semgrep Cloud Platform (if using). Export the token from your CI secret store and pass the variable name only, so the secret does not end up in shell history or process listings; <code>semgrep ci</code> is the subcommand that pulls your organization's configured policy, while <code>semgrep scan</code> with a token can still fetch private rules:
<code>docker run --rm -e SEMGREP_APP_TOKEN -v "$(pwd)":/src:ro returntocorp/semgrep semgrep scan --config=p/default</code>
Logging and behavior:
Semgrep prints scan results to stdout by default. You can output JSON (--json) or SARIF (--sarif) for integration with other tools, and redirect either to a file with --output. Note that semgrep scan exits 0 even when it reports findings unless --error is passed; a CI job that should fail on findings needs that flag or has to inspect the JSON itself.
Image variants
Published under returntocorp/semgrep (and mirrored under the newer semgrep/semgrep name), the image is versioned by release and includes no OS-specific flavors.
returntocorp/semgrep:latest
Tracks the latest stable release of the CLI with bundled rules. Use for dev environments or where version drift is acceptable; a rule or engine change can alter findings from one run to the next.
returntocorp/semgrep:<version>
Tagged by CLI version (e.g. v1.79.0, v1.65.0).
Recommended for CI pipelines or reproducible environments. For a supply-chain-grade pin, reference the image by its sha256 digest rather than the tag, since tags are mutable.
The image includes Python, rule parsers, and CLI support for local or cloud-based scans. It is updated frequently alongside Semgrep releases.