Semgrep queries developed by Trail of Bits.
☆482 · Nov 12, 2025 · Updated 3 months ago
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below
- A collection of my Semgrep rules to facilitate vulnerability research. ☆798 · Feb 17, 2026 · Updated last week
- ☆227 · Dec 18, 2025 · Updated 2 months ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,085 · Updated this week
- CodeQL queries developed by Trail of Bits ☆147 · Updated this week
- Collection of Semgrep rules for security analysis ☆10 · Mar 30, 2024 · Updated last year
- SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results ☆46 · Updated this week
- A collection of my Semgrep rules ☆51 · Jul 4, 2023 · Updated 2 years ago
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂 ☆101 · Dec 24, 2025 · Updated 2 months ago
- Go rules for semgrep and go-ruleguard ☆480 · Nov 17, 2024 · Updated last year
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications. ☆319 · Nov 12, 2025 · Updated 3 months ago
- Custom semgrep rules registry ☆14 · Aug 23, 2022 · Updated 3 years ago
- My custom semgrep rules ☆23 · Sep 13, 2020 · Updated 5 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide ☆43 · Dec 16, 2024 · Updated last year
- Publications from Trail of Bits ☆1,769 · Updated this week
- Semgrep rules for smart contracts based on DeFi exploits ☆707 · Jun 2, 2025 · Updated 8 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ☆24 · Oct 4, 2021 · Updated 4 years ago
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆14,285 · Updated this week
- ☆14 · Jan 8, 2026 · Updated last month
- A Python pickling decompiler and static analyzer ☆604 · Updated this week
- TSLint rules for Angular ☆18 · Nov 30, 2018 · Updated 7 years ago
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆385 · Feb 13, 2026 · Updated 2 weeks ago
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated 11 months ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java, cobol) ☆42 · Dec 3, 2025 · Updated 2 months ago
- ☆73 · May 13, 2025 · Updated 9 months ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface. ☆1,105 · Updated this week
- A mutation-based tool for finding bugs in tests ☆136 · Updated this week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆1,003 · Updated this week
- Gram is Klarna's own threat model diagramming tool ☆329 · Jan 26, 2026 · Updated last month
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆143 · Feb 24, 2025 · Updated last year
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆48 · Updated this week
- To make fuzzing Rust easy ☆197 · Updated this week
- An implementation of infrastructure-as-code scanning using dynamic tooling. ☆56 · Jan 18, 2022 · Updated 4 years ago
- Binary Ninja plugin to automate the process of generating pseudo-C code, running Semgrep over the pseudo-C, and presenting the results. ☆34 · Feb 4, 2025 · Updated last year
- A collection of my weggli patterns to facilitate vulnerability research. ☆155 · Jan 14, 2026 · Updated last month
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆315 · Jan 25, 2026 · Updated last month
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Nov 2, 2020 · Updated 5 years ago
- docker env for ios research on a mac host ☆28 · Jun 12, 2025 · Updated 8 months ago
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan. ☆180 · Dec 22, 2025 · Updated 2 months ago