semgrep / semgrep-rules
Semgrep rules registry
☆809 · Updated this week
Related projects
Alternatives and complementary repositories for semgrep-rules
- Tool to check for dependency confusion vulnerabilities in multiple package management systems ☆701 · Updated 3 months ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆808 · Updated last year
- grep rough audit - source code auditing tool ☆1,539 · Updated 3 months ago
- Semgrep queries developed by Trail of Bits. ☆330 · Updated this week
- Proof of concept code for Datadog Security Labs referenced exploits. ☆417 · Updated last year
- Resources related to GitHub Security Lab ☆1,415 · Updated 3 months ago
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web… ☆670 · Updated 4 months ago
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆331 · Updated 8 months ago
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆458 · Updated 3 weeks ago
- A collection of my Semgrep rules to facilitate vulnerability research. ☆589 · Updated 4 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool ☆570 · Updated 3 months ago
- Peirates - Kubernetes Penetration Testing tool ☆1,243 · Updated last month
- ☆175 · Updated 2 weeks ago
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆818 · Updated this week
- ☆958 · Updated 11 months ago
- Global Security Database ☆309 · Updated 6 months ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable… ☆1,540 · Updated 4 months ago
- Finding potential software vulnerabilities from git commit messages ☆397 · Updated last year
- Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service) ☆793 · Updated 9 months ago
- A container analysis and exploitation tool for pentesters and engineers. ☆643 · Updated last year
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,349 · Updated this week
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ☆804 · Updated 2 years ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆515 · Updated this week
- Tool for building Kubernetes attack paths ☆775 · Updated this week
- GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;) ☆1,391 · Updated 8 months ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆542 · Updated this week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,046 · Updated 9 months ago
- Grammar-based HTTP/1 fuzzer with mutation ability ☆243 · Updated 3 weeks ago
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee… ☆213 · Updated 6 months ago
- NVD, Ubuntu, Alpine ☆410 · Updated this week