patched-codes / semgrep-rules
A collection of permissively licensed Semgrep rules.
★13 Updated last year
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★40 Updated 8 months ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ★125 Updated 6 months ago
- Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of h… ★43 Updated 6 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★66 Updated 2 months ago
- Data about all known supply-chain attacks through history ★59 Updated 3 months ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ★129 Updated 3 weeks ago
- Manager of third-party sources of Semgrep rules ★87 Updated last year
- A comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in your MCP se… ★93 Updated this week
- ★83 Updated 7 months ago
- A small tool to help developers understand a huge set of security requirements from appsec teams ★47 Updated 3 years ago
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on GitHub repositories. ★35 Updated this week
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ★73 Updated last year
- Unauthenticated enumeration of AWS IAM Roles. ★25 Updated 7 months ago
- The security workflow engine! ★119 Updated this week
- ★112 Updated 2 years ago
- atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ★71 Updated this week
- A powerful Python library and CLI tool for parsing, analyzing, and manipulating YARA rules through Abstract Syntax Tree (AST) representat… ★26 Updated 3 weeks ago
- Security tool against dependency typosquatting attacks ★54 Updated this week
- Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams ★63 Updated this week
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… ★128 Updated 3 months ago
- Modular web-application honeypot platform built using go and gin ★58 Updated last year
- Build a CVE library with aggregated CISA, EPSS and CVSS data ★29 Updated last year
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ★57 Updated 3 months ago
- Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, derive insights, f… ★67 Updated last week
- A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects ★90 Updated last week
- HashiCorp-relevant rules for the Semgrep code analysis tool ★41 Updated last year
- Pentester-focused Docker registry tool to enumerate and pull images ★33 Updated last month
- A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs ★51 Updated 2 years ago
- Semgrep-based Policy Controller for Kubernetes ★47 Updated 5 months ago
- Sharing software supply chain security open source projects ★52 Updated 2 years ago