
Sarah Gooding
August 12, 2025
Opengrep has released a sequence of updates that introduce native support for Salesforce’s Apex language, enhanced rule configuration options, performance enhancements, and key bug fixes. The open source static application security testing (SAST) engine, originally forked from Semgrep CE in January 2025, continues to expand its capabilities with frequent, community-driven releases aimed at making the engine more flexible, CI/CD-ready, and stable for large-scale use. Apex support is the most notable addition, alongside improvements that strengthen developer control over scan results.
Since its launch, Opengrep has kept to a rapid weekly release cycle, steadily adding new features and restoring functionality removed from Semgrep CE. This pace has allowed the project to respond quickly to community feedback and expand into areas that other open source SAST tools have traditionally left underserved.
Opengrep now supports Apex, becoming the only free and open source SAST engine to support the language. Apex is Salesforce’s primary programming language, used in .cls and .trigger files, and is widely used across enterprise environments.
Apex has been difficult for static analysis tools to handle due to Salesforce-specific query structures. Most open source engines have offered limited or no support, leaving security teams to rely on commercial solutions or custom workarounds. With this release, developers can now:
“Apex has always been tricky for static analysis tools because of Salesforce-specific query structures,” the team stated. “With 90% of the Fortune 500 on Salesforce, it’s about time Apex had free, open-source support.”
Since Apex support arrived in v1.7.0, Opengrep has released multiple versions packed with enhancements.
Rule Improvements
- max_match_per_file option to limit per-file matches
- taint_fixpoint_timeout for more precise taint tracking
- … defp), and Ruby
Performance and Usability Improvements
- opengrep scan -c auto now functions without extra flags
- --metrics parameter
Bug Fixes and Maintenance Efforts
Up until now, enterprises using Salesforce have had few modern SAST options for Apex. Commercial SAST tools often cover Apex, but they come with licensing costs and vendor lock‑in. By providing native Apex support, Opengrep is filling a critical gap in open source SAST tools and potentially increasing adoption in enterprise environments.
Opengrep’s additions such as max_match_per_file, taint_fixpoint_timeout, and fingerprint improvements reflect a shift toward configurability and precision, areas where open source SAST tools have traditionally lagged behind commercial competitors. Commercial tools often promote low-noise outputs, guided remediation, and integrated enterprise workflows.
Opengrep’s ongoing weekly release pace stands in contrast with slower update cycles typical of many SAST tools. The project's rapid release cadence is a major differentiator here, as it improves agility, accelerates bug fixes, and supports continuous improvement. For teams frustrated by long waits between updates in other products, Opengrep’s model may offer a compelling alternative, with the added benefits of cost control and transparent development.