Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Semgrep rules registry
Define and run pattern-based custom linting rules.
A collection of my Semgrep rules to facilitate vulnerability research.
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT...
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
Tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size.
Prevent merging of malicious code in pull requests
Focused malicious code detection ruleset, with a high protection-to-noise ratio
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends
Semgrep extension for Visual Studio Code
GitHub Actions CI/CD - Master Template & Reusable Workflows Library - Docker Builds, AWS, Python, Terraform, Jenkins, Linting, Security Scanning, Make Builds etc.