semgrep / semgrep-rules

Related projects ⓘ

Alternatives and complementary repositories for semgrep-rules

• trailofbits / semgrep-rules
  Semgrep queries developed by Trail of Bits.
  ☆329Updated 3 weeks ago
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆805Updated last year
• visma-prodsec / confused
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆695Updated 2 months ago
• wireghoul / graudit
  grep rough audit - source code auditing tool
  ☆1,535Updated 3 months ago
• elttam / semgrep-rules
  ☆175Updated this week
• 0xdea / semgrep-rules
  A collection of my Semgrep rules to facilitate vulnerability research.
  ☆587Updated 4 months ago
• OWASP-Benchmark / BenchmarkJava
  OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web…
  ☆669Updated 3 months ago
• KissPeter / APIFuzzer
  Fuzz test your application using your OpenAPI or Swagger API definition without coding
  ☆429Updated 3 months ago
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆331Updated 7 months ago
• tcosolutions / betterscan
  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
  ☆811Updated this week
• devops-kung-fu / bomber
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆509Updated this week
• assetnote / blind-ssrf-chains
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆803Updated 2 years ago
• DataDog / security-labs-pocs
  Proof of concept code for Datadog Security Labs referenced exploits.
  ☆417Updated last year
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆458Updated 2 weeks ago
• blabla1337 / skf-labs
  Repo for all the OWASP-SKF Docker lab examples
  ☆438Updated 3 months ago
• CloudSecurityAlliance / gsd-database
  Global Security Database
  ☆307Updated 6 months ago
• Charlie-belmer / nosqli
  NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
  ☆355Updated 3 years ago
• githubsatelliteworkshops / codeql
  GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
  ☆207Updated last month
• bahruzjabiyev / t-reqs
  Grammar-based HTTP/1 fuzzer with mutation ability
  ☆243Updated last week
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆930Updated this week
• filedescriptor / untrusted-types
  ☆654Updated 2 years ago
• imperva / automatic-api-attack-tool
  Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…
  ☆457Updated last year
• DataDog / KubeHound
  Tool for building Kubernetes attack paths
  ☆772Updated 2 weeks ago
• OWASP / pytm
  A Pythonic framework for threat modeling
  ☆917Updated 3 months ago
• nikitastupin / pwnhub
  How GitHub Actions workflows can be hacked
  ☆104Updated 2 months ago
• softwaresecured / secure-code-review-checklist
  A starter secure code review checklist
  ☆178Updated 5 years ago
• taviso / rbndr
  Simple DNS Rebinding Service
  ☆625Updated 4 years ago
• brompwnie / botb
  A container analysis and exploitation tool for pentesters and engineers.
  ☆626Updated last year
• PortSwigger / http-request-smuggler
  ☆957Updated 10 months ago
• projectdiscovery / cloudlist
  Cloudlist is a tool for listing Assets from multiple Cloud Providers.
  ☆855Updated this week