xgrep

xgrep is a fast, Semgrep-compatible code scanner with AST-based matching, taint analysis, and code intelligence built for AI agents.

xgrep is a fast, Semgrep-compatible code scanner written in Go. It scans codebases using Semgrep YAML rule syntax and tree-sitter for language-aware, AST-based pattern matching. Beyond scanning, xgrep provides code intelligence and a queryable code graph that power both human workflows and AI agents.

Explore the documentation

  • Getting Started: What xgrep is, how to install it, and how to run your first scan
  • Scanning: CLI reference, output formats, supported languages, secrets scanning, and Semgrep compatibility
  • Rules: Writing, testing, and understanding xgrep rules, including taint analysis
  • Code Intelligence: Navigating source code with inspect and the code graph
  • Integrations: The MCP server, LSP server, and CI setups
  • AI Agents: Agent workflows and the packaged Claude Code skills

Overview

What xgrep is, the accuracy-first design goals behind it, and how to go from install to first scan.

On this page

Explore the documentation