
Nox vs Semgrep: AI-native, signed extensions, cross-file taint free.

Semgrep is a strong general-purpose SAST. Nox is purpose-built for teams shipping AI features and pairs SAST with cosign-signed plugins, AIBOM, and MCP-native agent access. Where Semgrep gates cross-file taint behind the Pro tier, Nox ships interprocedural taint plus AI-specific source-to-sink in the open-source core.

Capability map

Semgrep feature → Nox equivalent

| Semgrep | Nox | Notes |
|---|---|---|
| Pattern-based SAST | core SEC-* + nox/sast | Both pattern + AST. Semgrep DSL more expressive; Nox covers more languages out of the box |
| Cross-file taint (interfile) | core TAINT-001..007 (interprocedural) + AI taint | Free in Nox. Paid tier in Semgrep. |
| AI security rules | 21 dedicated AI rules + MCP-001..008 + AI taint families | Semgrep relies on community AI rules; no MCP coverage |
| SCA / dependencies | core VULN-* + nox/reachability (verified) | Semgrep Supply Chain is paid |
| IaC scanning | 369 IAC rules across Terraform, K8s, Dockerfile, GHA, Ansible, Kustomize, Serverless | Semgrep has IaC rules but breadth is narrower |
| Secrets | 160 SEC rules core | Semgrep secrets is paid |
| Custom rules | YAML rule packs | Semgrep DSL is genuinely better for AST patterns. Nox uses RE2 + structural matchers. |
| CI gating | nox/policy-gate (verified) | Both ship CI gates |
| Editor integration | VSCode/JetBrains plugin in roadmap | Semgrep wins today |
| Cosign-signed extensions | 19 verified plugins, all Sigstore keyless | No equivalent in Semgrep |
| Pricing | $0 forever, Apache 2.0 | Semgrep paid for serious use ($40-100/dev/mo) |

Why switch

What you gain

AI security depth

Prompt injection at the call site (LLM01), embedding leakage (LLM06), agent over-privilege (LLM07), MCP server hardening (MCP-001..008). Semgrep relies on community AI rules with no cohesive family.

Cross-file taint is free

Semgrep gates interfile analysis behind the Pro tier. Nox's TAINT-006/007 + TAINT-AI-001/002 ship in core, including AI-specific source-to-sink (request.json → service hop → chat.completions.create).
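To make the request.json → service hop → chat.completions.create flow concrete, here is a small interprocedural taint checker written for this page. It is an added illustration, not Nox's engine or any of its TAINT rules: it parses Python with the standard ast module, treats Flask request attributes as sources, treats any call ending in chat.completions.create as the sink, follows taint across calls to functions defined in the same module (including return values), and stops at calls in a configured sanitizer allowlist. The sample application, the source/sink lists and the sanitizer name prompt_guard are all constructed for the example.

```python
"""Interprocedural taint check for user input reaching an LLM call site.

Added example, not Nox's implementation. Sources, sink and sanitizer list are
constructed assumptions for illustration.
"""
import ast
from dataclasses import dataclass

# Constructed source list: attribute chains on Flask's request object.
SOURCES = {("request", "json"), ("request", "args"), ("request", "form"), ("request", "data")}
# Sink: a call whose dotted callee ends with chat.completions.create (OpenAI-style client).
SINK = ("chat", "completions", "create")
# Assumed sanitizer allowlist; the analyzer trusts these names, it does not judge them.
SANITIZERS = {"prompt_guard"}


def dotted(node):
    """Return the attribute chain of a Name/Attribute node as a tuple, or () otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return tuple(reversed(parts))
    return ()


@dataclass
class Finding:
    sink_line: int
    path: list  # function names from the entry point to the function holding the sink


class TaintAnalyzer:
    def __init__(self, source):
        tree = ast.parse(source)
        self.funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
        self.findings = []
        self._stack = []  # call chain, used both for reporting and as a recursion guard

    def analyze(self, func, tainted_params=frozenset()):
        """Analyze one function; return True if its return value can carry taint."""
        if func.name in self._stack:  # recursive call: assume nothing new
            return False
        self._stack.append(func.name)
        tainted = set(tainted_params)
        returns_taint = False
        for stmt in self._flatten(func.body):
            if isinstance(stmt, ast.Assign):
                hit = self._tainted(stmt.value, tainted)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        if hit:
                            tainted.add(target.id)
                        else:  # re-assignment from a clean value clears taint
                            tainted.discard(target.id)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_taint |= self._tainted(stmt.value, tainted)
            elif isinstance(stmt, ast.Expr):
                self._tainted(stmt.value, tainted)  # bare call statements may hit the sink
        self._stack.pop()
        return returns_taint

    def _flatten(self, body):
        """Yield statements in source order, descending into if/for/with/try bodies."""
        for stmt in body:
            yield stmt
            for attr in ("body", "orelse", "finalbody"):
                inner = getattr(stmt, attr, None)
                if isinstance(inner, list):
                    yield from self._flatten(inner)

    def _tainted(self, node, tainted):
        """Return True if the expression may carry data from a source."""
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.Attribute):
            return dotted(node) in SOURCES or self._tainted(node.value, tainted)
        if isinstance(node, ast.Call):
            return self._call(node, tainted)
        if isinstance(node, ast.Constant):
            return False
        # BinOp, Subscript, f-strings, dict/list literals, ...: tainted if any child is
        return any(self._tainted(child, tainted) for child in ast.iter_child_nodes(node))

    def _call(self, call, tainted):
        pos_taint = [self._tainted(a, tainted) for a in call.args]
        kw_taint = [(k.arg, self._tainted(k.value, tainted)) for k in call.keywords]
        any_taint = any(pos_taint) or any(t for _, t in kw_taint)
        chain = dotted(call.func)
        if chain[-3:] == SINK:
            if any_taint:
                self.findings.append(Finding(call.lineno, list(self._stack)))
            return False
        if len(chain) == 1 and chain[0] in SANITIZERS:
            return False  # allowlisted guard: taint stops here
        if len(chain) == 1 and chain[0] in self.funcs:  # the cross-function hop
            callee = self.funcs[chain[0]]
            params = [p.arg for p in callee.args.args]
            taint_in = {p for p, t in zip(params, pos_taint) if t}
            taint_in |= {k for k, t in kw_taint if t and k in params}
            return self.analyze(callee, frozenset(taint_in))
        return any_taint  # unknown callee: assume taint passes through its return value


def find_ai_taint(source):
    """Return [(sink_line, 'entry -> ... -> sink_holder'), ...] for a module's source text."""
    an = TaintAnalyzer(source)
    for func in an.funcs.values():  # every top-level function is a potential entry point
        an.analyze(func)
    seen, out = set(), []
    for f in an.findings:
        key = (f.sink_line, " -> ".join(f.path))
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


# Constructed sample application: one unguarded handler, one guarded, one with a fixed prompt.
SAMPLE = '''\
from flask import Flask, request
from openai import OpenAI

app = Flask(__name__)
client = OpenAI()

def build_prompt(user_text):
    return "Summarize this for the user: " + user_text

def ask_model(prompt):
    return client.chat.completions.create(model="gpt-4o", messages=[{"role": "user", "content": prompt}])

def prompt_guard(value):
    return value  # stands in for the team's vetted input guard (constructed)

@app.post("/summarize")
def summarize():
    body = request.json
    text = body["text"]
    return ask_model(build_prompt(text))

@app.post("/summarize-guarded")
def summarize_guarded():
    text = prompt_guard(request.json["text"])
    return ask_model(build_prompt(text))

def health():
    return ask_model("Reply with the single word OK")
'''

if __name__ == "__main__":
    for line, path in find_ai_taint(SAMPLE):
        print(f"user input reaches chat.completions.create at line {line} via {path}")
```

Only the unguarded handler is reported: the sink sits in ask_model, but the path shows it was reached from summarize through build_prompt's return value, which is the hop a single-function matcher cannot see. The guarded handler and the health check stay silent because taint is cut at the allowlisted guard or never enters at all; whether prompt_guard genuinely neutralises injection is a decision the team makes when it puts a name on that allowlist, not something the analyzer proves.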

Cosign-signed plugin marketplace

Every plugin in the official registry is verified via Sigstore keyless OIDC. Semgrep rules are uploaded files with no supply-chain integrity story.

Single binary covers SAST + SCA + IaC + AI + secrets

One pass, deterministic, offline. Semgrep's coverage requires multiple paid tiers stitched together.

AIBOM v2.0

Polyglot AI component inventory naming every model invocation, auth env var, and endpoint. Audit-ready. Semgrep has nothing equivalent.

Be honest

What you give up

Rule authoring DX

Semgrep DSL beats RE2-based pattern matching for complex AST queries. If you author dozens of custom rules, Semgrep wins.

Community rule volume

Semgrep ships thousands of community rules across niche languages. Nox's ruleset is curated and smaller (717 rules).

Type-aware analysis

Semgrep Pro has type-aware analysis for Java/JavaScript/Python that catches edge cases pattern matching misses.

30-minute migration

From semgrep ci to nox scan

# 1. Install nox.
brew install felixgeelhaar/tap/nox

# 2. Run a baseline scan.
nox scan . --output nox-out

# 3. Build a VEX baseline from the findings (this stands in for your .semgrep.yml baseline).
nox vex init --input nox-out/findings.json --output vex.json

# 4. Wire CI (replaces semgrep ci).
cp examples/ci-baseline/.github/workflows/security.yml .github/workflows/

# 5. Verify.
nox doctor
nox scan . --vex vex.json

Ready to migrate?

Run Nox alongside Semgrep for a sprint, compare findings, then cut over.