Alternatives and similar repositories for semgrep-rules

Users that are interested in semgrep-rules are comparing it to the libraries listed below

• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆862Updated 2 years ago
• trailofbits / semgrep-rules
  Semgrep queries developed by Trail of Bits.
  ☆466Updated 2 months ago
• visma-prodsec / confused
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆773Updated last year
• elttam / semgrep-rules
  ☆222Updated last month
• DataDog / security-labs-pocs
  Proof of concept code for Datadog Security Labs referenced exploits.
  ☆448Updated last week
• wireghoul / graudit
  grep rough audit - source code auditing tool
  ☆1,666Updated 3 weeks ago
• CloudSecurityAlliance / gsd-database
  Global Security Database
  ☆316Updated last year
• OWASP-Benchmark / BenchmarkJava
  OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web…
  ☆767Updated this week
• OWASP / pytm
  A Pythonic framework for threat modeling
  ☆1,089Updated last week
• xbow-engineering / validation-benchmarks
  XBOW Validation Benchmarks
  ☆435Updated 7 months ago
• KissPeter / APIFuzzer
  Fuzz test your application using your OpenAPI or Swagger API definition without coding
  ☆464Updated 10 months ago
• ossf / package-analysis
  Open Source Package Analysis
  ☆860Updated 9 months ago
• 0xdea / semgrep-rules
  A collection of my Semgrep rules to facilitate vulnerability research.
  ☆769Updated 2 weeks ago
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆160Updated 2 months ago
• doyensec / regexploit
  Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
  ☆844Updated last year
• cdxgen / cdxgen
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆881Updated this week
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆381Updated 2 weeks ago
• snoopysecurity / Broken-Vulnerable-Code-Snippets
  A small collection of vulnerable code snippets
  ☆780Updated last year
• ajinabraham / njsscan
  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
  ☆421Updated last year
• mazen160 / secrets-patterns-db
  Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
  ☆1,310Updated 5 months ago
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆434Updated this week
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆722Updated 4 months ago
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆1,283Updated this week
• cider-security-research / top-10-cicd-security-risks
  ☆422Updated 2 years ago
• Threagile / threagile
  Agile Threat Modeling Toolkit
  ☆717Updated last month
• GitHubSecurityLab / CodeQL-Community-Packs
  Collection of community-driven CodeQL query, library and extension packs
  ☆199Updated last month
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆516Updated last month
• AdnaneKhan / gato-x
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆471Updated last week
• DataDog / guarddog
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆957Updated this week
• chris-koch-penn / gpt3_security_vulnerability_scanner
  GPT-3 found hundreds of security vulnerabilities in this repo
  ☆601Updated 2 years ago