semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Define and run pattern-based custom linting rules.

Semgrep rules for smart contracts based on DeFi exploits

A collection of my Semgrep rules to facilitate vulnerability research.

VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size

Prevent merging of malicious code in pull requests

Generic SAST Library

A MCP server for using Semgrep to scan code for security vulnerabilities.

Focused malicious code detection ruleset, with a high protection-to-noise ratio

An extension to use Semgrep inside Burp Suite.

Manager of third-party sources of Semgrep rules 🗂

This project is deprecated. Use https://github.com/returntocorp/semgrep instead

🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends

Semgrep extension for Visual Studio Code

GitHub Actions CI/CD - Master Template & Reusable Workflows Library - Docker Builds, AWS, Python, Terraform, Jenkins, Linting, Security Scanning, Make Builds etc.

《深入理解Semgrep》Finding vulnerabilities with Semgrep.