semgrep / semgrep-rules
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
☆880, updated this week
Alternatives and similar repositories for semgrep-rules:
Users that are interested in semgrep-rules are comparing it to the libraries listed below
- Semgrep queries developed by Trail of Bits. (☆390, updated 2 weeks ago)
- grep rough audit - source code auditing tool (☆1,592, updated 3 months ago)
- Tool to check for dependency confusion vulnerabilities in multiple package management systems (☆717, updated 7 months ago)
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. (☆477, updated 3 months ago)
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… (☆836, updated last year)
- Fuzz test your application using your OpenAPI or Swagger API definition without coding (☆442, updated 2 weeks ago)
- A collection of my Semgrep rules to facilitate vulnerability research. (☆614, updated 8 months ago)
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… (☆351, updated 3 months ago)
- Proof of concept code for Datadog Security Labs referenced exploits. (☆425, updated last year)
- (☆184, updated 4 months ago)
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web… (☆698, updated this week)
- A Pythonic framework for threat modeling (☆974, updated last month)
- How GitHub Actions workflows can be hacked (☆147, updated 7 months ago)
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. (☆1,112, updated last year)
- Tool for building Kubernetes attack paths (☆833, updated last week)
- Grammar-based HTTP/1 fuzzer with mutation ability (☆248, updated 4 months ago)
- A container analysis and exploitation tool for pentesters and engineers. (☆663, updated last year)
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan (☆853, updated last week)
- Resources related to GitHub Security Lab (☆1,457, updated 2 months ago)
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… (☆652, updated this week)
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… (☆297, updated this week)
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … (☆1,077, updated this week)
- Agile Threat Modeling Toolkit (☆653, updated last week)
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable… (☆1,599, updated last week)
- BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition (☆674, updated last month)
- njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications. (☆391, updated 4 months ago)
- GitHub Actions Pipeline Enumeration and Attack Tool (☆599, updated 2 weeks ago)
- 🎯 Fast CORS misconfiguration vulnerabilities scanner (☆1,062, updated 3 years ago)
- Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. (☆1,576, updated last week)
- Cloudlist is a tool for listing Assets from multiple Cloud Providers. (☆916, updated last week)