From e097b03fa02de5a247a2b6cf9cd564f96959f873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20=C5=A0ottl?= <40571887+sottlmarek@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:19:55 +0100 Subject: [PATCH] semgrep limitations note --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c0da046..44711d3 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,8 @@ Static code review tools working with source code and looking for known patterns | **SonarQube community** | [https://github.com/SonarSource/sonarqube](https://github.com/SonarSource/sonarqube) | Detect security issues in code review with Static Application Security Testing (SAST) |![SonarQube](https://img.shields.io/github/stars/SonarSource/sonarqube?style=for-the-badge) | | **gosec** | [https://github.com/securego/gosec](https://github.com/securego/gosec) | Inspects source code for security problems by scanning the Go AST. |![SonarQube](https://img.shields.io/github/stars/securego/gosec?style=for-the-badge) | +**Note:** Semgrep is free CLI tool, however some rulesets (https://semgrep.dev/r) are having various licences, some can be free to use and can be commercial. + OWASP curated list of SAST tools : https://owasp.org/www-community/Source_Code_Analysis_Tools ## DAST
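Review bot: The added `**Note:**` line follows the gosec table row with no blank line between them, so GitHub-flavoured Markdown will parse it as another table row rather than as a paragraph; put the blank line before the note (the hunk only adds one after it). The sentence also needs a grammar pass: "Semgrep is free CLI tool" should be "Semgrep is a free CLI tool", and "some rulesets ... are having various licences, some can be free to use and can be commercial" reads more clearly as "some rulesets (https://semgrep.dev/r) have different licences; some are free to use, others are commercial". Finally, the note sits in the SAST table section right after the gosec row, but no Semgrep entry appears in the visible context, so it is worth checking that the note lands next to the row it qualifies rather than between unrelated rows and the OWASP link.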