How to run different versions of Semgrep
Most of the time, it's best to run the latest version of Semgrep, as it has the most recent features and fixes.
However, when testing or managing upgrades, it can be helpful to run different versions of Semgrep to compare behavior.
If you use Semgrep with Semgrep AppSec Platform, only the latest 10 minor versions are supported.
Installation with Homebrew does not support multiple versions of Semgrep, but you can use either Pip or Docker to install different versions. In the following examples, x.y.z is a placeholder for a version string.
Running different versions using pip
Install a specific Semgrep version using pip's version syntax:
python3 -m pip install semgrep==x.y.zIf you see an error during the installation process due to your Python environment being externally managed by a package manager, see Semgrep's article for instructions on how to proceed.
Confirm installation:
semgrep --version
Then, execute Semgrep as you would normally on the command line.
Running different versions using Docker
To run a version other than latest using Docker, use the tag for the version when pulling or running the image.
To pull:
docker pull semgrep/semgrep:x.y.zTo run locally, mounting the desired source directory (/PATH/TO/SRC) for scanning:
docker run --rm -v "/PATH/TO/SRC:/src" semgrep/semgrep:x.y.z semgrep --config=autoTo run in GitHub Actions CI:
jobs:
  semgrep:
    name: semgrep/ci 
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep:x.y.z
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.