Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
☆1,085Feb 28, 2026Updated this week
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below
Sorting:
- ☆227Dec 18, 2025Updated 2 months ago
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆14,285Updated this week
- Semgrep queries developed by Trail of Bits.☆482Nov 12, 2025Updated 3 months ago
- A collection of my Semgrep rules to facilitate vulnerability research.☆798Feb 17, 2026Updated last week
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆48Updated this week
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂☆101Dec 24, 2025Updated 2 months ago
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.☆319Nov 12, 2025Updated 3 months ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,737Feb 16, 2026Updated 2 weeks ago
- Personal CodeQL queries☆63Dec 15, 2025Updated 2 months ago
- grep rough audit - source code auditing tool☆1,679Dec 19, 2025Updated 2 months ago
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security☆9,267Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆868Sep 1, 2023Updated 2 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,412Jun 17, 2025Updated 8 months ago
- A security focused static analysis tool for Android and Java applications.☆1,214Feb 20, 2026Updated last week
- A CAT called tabby ( Code Analysis Tool )☆1,637Jan 17, 2026Updated last month
- Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.…☆2,959Updated this week
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆953Dec 31, 2021Updated 4 years ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆423Nov 14, 2024Updated last year
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…☆1,676May 24, 2025Updated 9 months ago
- 《深入理解Semgrep》Finding vulnerabilities with Semgrep.☆58Jul 20, 2023Updated 2 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,765Dec 4, 2025Updated 2 months ago
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆345Jan 6, 2024Updated 2 years ago
- Go rules for semgrep and go-ruleguard☆480Nov 17, 2024Updated last year
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- Resources related to GitHub Security Lab☆1,585Dec 2, 2025Updated 3 months ago
- Semgrep rules corresponding to the OWASP ASVS standard☆27Nov 2, 2020Updated 5 years ago
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆6,389May 1, 2025Updated 10 months ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- Generic SAST Library☆135Jun 17, 2025Updated 8 months ago
- ☆16Sep 20, 2023Updated 2 years ago
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,532Updated this week
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)☆847Feb 9, 2024Updated 2 years ago
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆27,194Updated this week
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,754Nov 21, 2023Updated 2 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆778Aug 19, 2024Updated last year
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆446Sep 7, 2022Updated 3 years ago
- Contextual Content Discovery Tool☆3,096Apr 29, 2024Updated last year