Semgrep queries developed by Trail of Bits.
☆493 Nov 12, 2025 Updated 4 months ago
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below.
- A collection of my Semgrep rules to facilitate vulnerability research. ☆807 Updated this week
- ☆229 Dec 18, 2025 Updated 3 months ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,123 Updated this week
- CodeQL queries developed by Trail of Bits ☆157 Apr 3, 2026 Updated last week
- Collection of Semgrep rules for security analysis ☆10 Mar 30, 2024 Updated 2 years ago
- A collection of my Semgrep rules ☆51 Jul 4, 2023 Updated 2 years ago
- My custom semgrep rules ☆23 Sep 13, 2020 Updated 5 years ago
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂 ☆106 Dec 24, 2025 Updated 3 months ago
- Go rules for semgrep and go-ruleguard ☆479 Nov 17, 2024 Updated last year
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications. ☆326 Nov 12, 2025 Updated 4 months ago
- Custom semgrep rules registry ☆14 Aug 23, 2022 Updated 3 years ago
- SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results ☆49 Mar 26, 2026 Updated 2 weeks ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆145 Feb 24, 2025 Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 Oct 3, 2023 Updated 2 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide ☆43 Dec 16, 2024 Updated last year
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆14,747 Updated this week
- A mutation-based tool for finding bugs in tests ☆138 Updated this week
- Publications from Trail of Bits ☆1,806 Updated this week
- Semgrep rules for smart contracts based on DeFi exploits ☆711 Jun 2, 2025 Updated 10 months ago
- Binary Ninja plugin to automate the process of generating pseudo-C code, running Semgrep over the pseudo-C, and presenting the results. ☆36 Feb 4, 2025 Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆48 Sep 20, 2024 Updated last year
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ☆24 Oct 4, 2021 Updated 4 years ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java, cobol) ☆43 Dec 3, 2025 Updated 4 months ago
- A Python pickling decompiler and static analyzer ☆618 Updated this week
- To make fuzzing Rust easy ☆199 Apr 2, 2026 Updated last week
- TSLint rules for Angular ☆18 Nov 30, 2018 Updated 7 years ago
- Static code analysis tool to find unsafe usages in Go packages and their dependencies ☆44 Sep 11, 2020 Updated 5 years ago
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆387 Mar 24, 2026 Updated 2 weeks ago
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆1,045 Updated this week
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 Nov 2, 2020 Updated 5 years ago
- ☆14 Jan 8, 2026 Updated 3 months ago
- ☆21 Mar 23, 2026 Updated 2 weeks ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface. ☆1,162 Updated this week
- weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interestin… ☆2,486 Jul 12, 2024 Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆354 Mar 10, 2026 Updated last month
- Compares and analyzes GCP IAM roles. ☆79 Mar 9, 2025 Updated last year
- ☆73 May 13, 2025 Updated 10 months ago
- ☆117 Feb 11, 2026 Updated 2 months ago
- ☆42 Nov 13, 2025 Updated 4 months ago