How to run different versions of Semgrep

Most of the time, it's best to run the latest version of Semgrep, as it has the most recent features and fixes.

However, when testing or managing upgrades, it can be helpful to run different versions of Semgrep to compare behavior.

Info: If you use Semgrep with Semgrep AppSec Platform, only the latest 10 minor versions are supported.

Installation with Homebrew does not support multiple versions of Semgrep, but you can use pipx, uv, or Docker to install different versions. In the following examples, x.y.z is a placeholder for a version string.

Running different versions using pipx

Install a specific Semgrep version using pipx's version syntax:

pipx install semgrep==x.y.z

If you already have Semgrep installed via pipx, use --force to reinstall a different version:

pipx install --force semgrep==x.y.z

Running different versions using uv

You can also pin a specific version using uv tool install:

uv tool install semgrep==x.y.z

Or run a specific version one-off, without installing it persistently, using uvx:

uvx semgrep@x.y.z --version

Confirm installation:

semgrep --version

Then, execute Semgrep as you would normally on the command line.
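To compare behavior between two versions when managing an upgrade, you can scan the same source with each version and diff the findings. The following is an added example, not code from the Semgrep documentation. It assumes Semgrep's `--json` report layout (`results[].check_id`, `path`, `start.line`, and `errors`); the function names and sample reports are constructed for illustration.

```python
import json
import subprocess

def run_version(version, src, config="auto"):
    """Scan src with a pinned Semgrep version via uvx and return the parsed JSON report."""
    # uvx runs the pinned version one-off; --json and --quiet keep stdout machine-readable.
    proc = subprocess.run(
        ["uvx", f"semgrep@{version}", f"--config={config}", "--json", "--quiet", src],
        capture_output=True, text=True, check=False,
    )
    return json.loads(proc.stdout)  # raises if the scan produced no JSON report

def fingerprints(report):
    """Reduce a report to a set of (rule id, path, start line) tuples."""
    return {
        (r["check_id"], r["path"], r["start"]["line"])
        for r in report.get("results", [])
    }

def compare(old_report, new_report):
    """Return findings that disappeared or appeared, and the change in error count."""
    old, new = fingerprints(old_report), fingerprints(new_report)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "new_errors": len(new_report.get("errors", [])) - len(old_report.get("errors", [])),
    }

# Constructed sample reports (not real Semgrep output), so the comparison runs offline.
OLD = {"errors": [], "results": [
    {"check_id": "rules.constructed.weak-hash", "path": "app/crypto.py", "start": {"line": 12}},
    {"check_id": "rules.constructed.eval-use", "path": "app/util.py", "start": {"line": 7}},
]}
NEW = {"errors": [{"message": "constructed parse error"}], "results": [
    {"check_id": "rules.constructed.eval-use", "path": "app/util.py", "start": {"line": 7}},
    {"check_id": "rules.constructed.sql-concat", "path": "app/db.py", "start": {"line": 40}},
]}

if __name__ == "__main__":
    # For a real comparison, replace OLD and NEW with two run_version() calls
    # using the version strings you want to compare (x.y.z placeholders on this page).
    print(json.dumps(compare(OLD, NEW), indent=2))
```

Pass a local rules file as `config` to keep the rule set fixed, so that any difference reflects the Semgrep version and not a change in the rules fetched by `auto`.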

Running different versions using Docker

To run a version other than latest using Docker, use the tag for the version when pulling or running the image.

To pull:

docker pull semgrep/semgrep:x.y.z

To run locally, mounting the desired source directory (/PATH/TO/SRC) for scanning:

docker run --rm -v "/PATH/TO/SRC:/src" semgrep/semgrep:x.y.z semgrep --config=auto

To run in GitHub Actions CI:

jobs:
  semgrep:
    name: semgrep/ci
    runs-on: ubuntu-latest

    container:
      image: semgrep/semgrep:x.y.z
