semgrep / mcp
A MCP server for using Semgrep to scan code for security vulnerabilities.
☆127Updated 2 weeks ago
Alternatives and similar repositories for mcp:
Users that are interested in mcp are comparing it to the libraries listed below
- A very simple open source implementation of Google's Project Naptime☆141Updated 3 weeks ago
- A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects☆72Updated last week
- Automated vulnerability discovery and annotation☆66Updated 8 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 4 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆133Updated 3 weeks ago
- ☆62Updated this week
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆139Updated 3 months ago
- ☆177Updated last week
- Secure Code Review AI Agent (SeCoRA) - AI SAST☆47Updated 2 months ago
- A research project to add some brrrrrr to Burp☆155Updated 2 months ago
- A web CTF for training developers in bug hunting and secure coding!☆99Updated 3 months ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆116Updated 2 months ago
- ☆65Updated 4 months ago
- ☆63Updated 2 months ago
- boostsecurityio/lotp☆123Updated last week
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.☆136Updated 3 weeks ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆53Updated 3 months ago
- ☆36Updated 3 months ago
- A tool for preventing the installation of malicious PyPI and npm packages☆134Updated this week
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆208Updated 2 weeks ago
- Identify hardcoded secrets in static structured text (version 2)☆91Updated 2 months ago
- Manager of third-party sources of Semgrep rules 🗂☆81Updated 9 months ago
- FrogPost: postMessage Security Testing Tool☆55Updated this week
- ☆34Updated 8 months ago
- AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges.☆222Updated 7 months ago
- Unauthenticated enumeration of AWS IAM Roles.☆23Updated 3 months ago
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and…☆148Updated 5 months ago
- A tool to uncover undocumented APIs from the AWS Console.☆101Updated 5 months ago
- Semgrep-based Policy Controller for Kubernetes☆47Updated 3 weeks ago
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆243Updated last month