Alternatives and similar repositories for semgrep-rules

Users that are interested in semgrep-rules are comparing it to the libraries listed below

• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆839Updated last year
• trailofbits / semgrep-rules
  Semgrep queries developed by Trail of Bits.
  ☆401Updated 3 weeks ago
• visma-prodsec / confused
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆715Updated 8 months ago
• tcosolutions / betterscan
  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
  ☆859Updated last month
• OWASP-Benchmark / BenchmarkJava
  OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web…
  ☆708Updated 2 weeks ago
• wireghoul / graudit
  grep rough audit - source code auditing tool
  ☆1,605Updated 3 weeks ago
• elttam / semgrep-rules
  ☆190Updated 6 months ago
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆481Updated 5 months ago
• OWASP / pytm
  A Pythonic framework for threat modeling
  ☆996Updated 2 months ago
• 0xdea / semgrep-rules
  A collection of my Semgrep rules to facilitate vulnerability research.
  ☆625Updated 10 months ago
• KissPeter / APIFuzzer
  Fuzz test your application using your OpenAPI or Swagger API definition without coding
  ☆445Updated 2 months ago
• CodeIntelligenceTesting / jazzer
  Coverage-guided, in-process fuzzing for the JVM
  ☆1,107Updated last month
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆146Updated 11 months ago
• doyensec / inql
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,619Updated 2 weeks ago
• ajinabraham / njsscan
  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
  ☆399Updated 6 months ago
• github / securitylab
  Resources related to GitHub Security Lab
  ☆1,465Updated 4 months ago
• inguardians / peirates
  Peirates - Kubernetes Penetration Testing tool
  ☆1,315Updated 3 weeks ago
• AdnaneKhan / Gato-X
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆320Updated last week
• mazen160 / secrets-patterns-db
  Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
  ☆1,136Updated last year
• cider-security-research / top-10-cicd-security-risks
  ☆412Updated 2 years ago
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆1,093Updated this week
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆639Updated last month
• owasp-noir / noir
  Attack surface detector that identifies endpoints by static analysis
  ☆697Updated this week
• devops-kung-fu / bomber
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆565Updated last month
• rung / threat-matrix-cicd
  Threat matrix for CI/CD Pipeline
  ☆750Updated 10 months ago
• Orange-Cyberdefense / grepmarx
  A source code static analysis platform for AppSec enthusiasts.
  ☆243Updated 2 months ago
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆358Updated 5 months ago
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆308Updated this week
• snoopysecurity / Broken-Vulnerable-Code-Snippets
  A small collection of vulnerable code snippets
  ☆735Updated 7 months ago
• github / codeql-cli-binaries
  Binaries for the CodeQL CLI
  ☆813Updated last week