patched-codes / semgrep-rules
A collection of permissively licensed Semgrep rules.
☆19 Updated last year
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below
- Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of h… ☆65 Updated 10 months ago
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂 ☆97 Updated 3 weeks ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆42 Updated last year
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆139 Updated 10 months ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers… ☆134 Updated last month
- atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ☆81 Updated last week
- Data about all known supply-chain attacks through history ☆63 Updated 7 months ago
- Security tool against dependency typosquatting attacks ☆54 Updated this week
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ☆60 Updated 2 weeks ago
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ☆73 Updated last year
- ☆75 Updated 2 months ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆29 Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆68 Updated 6 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 Updated 2 years ago
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories. ☆35 Updated 2 weeks ago
- ☆114 Updated 2 years ago
- Securely store, share, and access secrets alongside the codebase. ☆72 Updated last week
- A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or art… ☆70 Updated last month
- A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations. ☆147 Updated this week
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… ☆134 Updated 7 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, … ☆139 Updated last year
- SecretBench is a dataset consisting of different secret types collected from public open-source repositories. ☆47 Updated last year
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ☆23 Updated 4 years ago
- Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams ☆77 Updated this week
- Unauthenticated enumeration of AWS IAM Roles. ☆26 Updated 4 months ago
- A comprehensive list of software composition analysis tools. ☆160 Updated 3 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆106 Updated 11 months ago
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and… ☆158 Updated last year
- The security workflow engine! ☆135 Updated last month
- Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini ☆175 Updated 8 months ago