Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
☆1,182Jun 13, 2026Updated this week
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆15,484Updated this week
- ☆243Jun 3, 2026Updated last week
- Semgrep queries developed by Trail of Bits.☆514May 7, 2026Updated last month
- A collection of my Semgrep rules to facilitate vulnerability research.☆823Updated this week
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂☆115Dec 24, 2025Updated 5 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.☆329Jun 5, 2026Updated last week
- Personal CodeQL queries☆66Apr 6, 2026Updated 2 months ago
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆55Updated this week
- grep rough audit - source code auditing tool☆1,684Dec 19, 2025Updated 5 months ago
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security☆9,699Updated this week
- Semgrep rules corresponding to the OWASP ASVS standard☆27Nov 2, 2020Updated 5 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆878Sep 1, 2023Updated 2 years ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,781Updated this week
- Go rules for semgrep and go-ruleguard☆477Nov 17, 2024Updated last year
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- 《深入理解Semgrep》Finding vulnerabilities with Semgrep.☆60Jul 20, 2023Updated 2 years ago
- A CAT called tabby ( Code Analysis Tool )☆1,653Jan 17, 2026Updated 4 months ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,427Mar 26, 2026Updated 2 months ago
- ☆16Sep 20, 2023Updated 2 years ago
- A security focused static analysis tool for Android and Java applications.☆1,241Updated this week
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆426Nov 14, 2024Updated last year
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆342Jan 6, 2024Updated 2 years ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java, cobol)☆44Dec 3, 2025Updated 6 months ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,919Dec 4, 2025Updated 6 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.…☆3,244Updated this week
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆977Dec 31, 2021Updated 4 years ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java.☆24Oct 4, 2021Updated 4 years ago
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…☆1,691May 24, 2025Updated last year
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,771Nov 21, 2023Updated 2 years ago
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆6,636May 1, 2025Updated last year
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,748Updated this week
- Resources related to GitHub Security Lab☆1,606Updated this week
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆449Sep 7, 2022Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆29,109Updated this week
- An extension to use Semgrep inside Burp Suite.☆90May 23, 2025Updated last year
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,083Jun 15, 2021Updated 4 years ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,826Sep 29, 2025Updated 8 months ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,177May 26, 2023Updated 3 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.☆211Sep 27, 2024Updated last year
- Java RMI Vulnerability Scanner☆920Jul 3, 2024Updated last year