Alternatives and similar repositories for semgrep-rules:

Users that are interested in semgrep-rules are comparing it to the libraries listed below

• kondukto-io / semgrep-rules
  Custom semgrep rules registry
  ☆11Updated 2 years ago
• picatz / taint
  🚰 Static taint analysis for Go programs.
  ☆59Updated 5 months ago
• owenrumney / go-sarif
  Go library for sarif - Static Analysis Results Interchange Format
  ☆70Updated last week
• dirtyharrycallahan / pystrace
  ☆27Updated 8 years ago
• blacktop / seccomp-gen
  Docker Secure Computing Profile Generator
  ☆47Updated 3 years ago
• duo-labs / narrow
  Low-effort reachability analysis for third-party code vulnerabilities.
  ☆20Updated last year
• catenacyber / ngolo-fuzzing
  Automatic fuzz targets generation for Golang packages
  ☆53Updated 3 weeks ago
• IQTLabs / pypi-scan
  Scan pypi for typosquatting
  ☆38Updated 2 years ago
• ozonru / cyclonedx-go
  Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues i…
  ☆21Updated 4 years ago
• ancat / egrets
  egrets monitors egress
  ☆46Updated 4 years ago
• uchi-mata / dostainer
  ☆29Updated 3 years ago
• jlauinger / go-geiger
  Static code analysis tool to find unsafe usages in Go packages and their dependencies
  ☆42Updated 4 years ago
• chainguard-dev / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆44Updated last year
• mllamazares / vulncov
  🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
  ☆38Updated last month
• trailofbits / anselm
  Detect patterns of bad behavior in function calls
  ☆25Updated 4 years ago
• trailofbits / codeql-queries
  CodeQL queries developed by Trail of Bits
  ☆85Updated last month
• knqyf263 / remic
  Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies
  ☆23Updated 5 years ago
• lookfwd / getting-started-clusterfuzz-local-in-aws
  ☆15Updated 4 years ago
• antitree / syscall2seccomp
  Build custom Docker seccomp profiles for containers by finding syscalls it uses.
  ☆89Updated 4 years ago
• ossf / package-feeds
  Feed parsing for language package manager updates
  ☆76Updated last month
• ancat / hypercam
  A tool for interacting with live processes/containers
  ☆22Updated 2 years ago
• in-toto / supply-chain-compromises
  ☆22Updated 3 years ago
• eerimoq / pyfuzzer
  Fuzz test Python modules with libFuzzer
  ☆24Updated 2 years ago
• hannob / pypi-bad
  Bad packages from the pypi repository
  ☆9Updated 6 years ago
• plume-oss / plume
  Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various gr…
  ☆74Updated 3 months ago
• vmnguyen / semgrep-rules
  My custom semgrep rules
  ☆20Updated 4 years ago
• ttarvis / glasgo
  A Security Scanner for Go
  ☆26Updated 5 years ago
• ShiftLeftSecurity / shiftleft-scan-vscode
  ShiftLeft Scan is a free and open-source commercial-grade security tool for modern DevOps teams.
  ☆13Updated 2 years ago
• inetrg / spoki
  Artifacts of the USENIX Security 2022 paper "Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope"
  ☆17Updated last month
• nccgroup / glasgo
  Go static analysis tool that checks for security issues using an AST.
  ☆28Updated 6 years ago