Semgrep queries developed by Trail of Bits.
☆485 · Nov 12, 2025 · Updated 4 months ago
Alternatives and similar repositories for semgrep-rules
Users that are interested in semgrep-rules are comparing it to the libraries listed below
- ☆229 · Dec 18, 2025 · Updated 3 months ago
- A collection of my Semgrep rules to facilitate vulnerability research. ☆799 · Mar 9, 2026 · Updated last week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,099 · Updated this week
- CodeQL queries developed by Trail of Bits ☆151 · Feb 26, 2026 · Updated 3 weeks ago
- Collection of Semgrep rules for security analysis ☆10 · Mar 30, 2024 · Updated last year
- A collection of my Semgrep rules ☆51 · Jul 4, 2023 · Updated 2 years ago
- My custom semgrep rules ☆23 · Sep 13, 2020 · Updated 5 years ago
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂 ☆101 · Dec 24, 2025 · Updated 2 months ago
- Go rules for semgrep and go-ruleguard ☆480 · Nov 17, 2024 · Updated last year
- SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results ☆47 · Mar 13, 2026 · Updated last week
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications. ☆322 · Nov 12, 2025 · Updated 4 months ago
- Custom semgrep rules registry ☆14 · Aug 23, 2022 · Updated 3 years ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆143 · Feb 24, 2025 · Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide ☆43 · Dec 16, 2024 · Updated last year
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆14,504 · Updated this week
- A mutation-based tool for finding bugs in tests ☆137 · Updated this week
- Publications from Trail of Bits ☆1,784 · Updated this week
- Semgrep rules for smart contracts based on DeFi exploits ☆711 · Jun 2, 2025 · Updated 9 months ago
- Binary Ninja plugin to automate the process of generating pseudo-C code, running Semgrep over the pseudo-C, and presenting the results. ☆35 · Feb 4, 2025 · Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆48 · Sep 20, 2024 · Updated last year
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ☆24 · Oct 4, 2021 · Updated 4 years ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java, cobol) ☆43 · Dec 3, 2025 · Updated 3 months ago
- A Python pickling decompiler and static analyzer ☆610 · Updated this week
- To make fuzzing Rust easy ☆199 · Mar 14, 2026 · Updated last week
- TSLint rules for Angular ☆18 · Nov 30, 2018 · Updated 7 years ago
- Static code analysis tool to find unsafe usages in Go packages and their dependencies ☆44 · Sep 11, 2020 · Updated 5 years ago
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆385 · Mar 6, 2026 · Updated 2 weeks ago
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆1,017 · Updated this week
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Nov 2, 2020 · Updated 5 years ago
- ☆14 · Jan 8, 2026 · Updated 2 months ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface. ☆1,134 · Updated this week
- ☆21 · Mar 10, 2026 · Updated last week
- weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interestin… ☆2,482 · Jul 12, 2024 · Updated last year
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated last year
- ☆73 · May 13, 2025 · Updated 10 months ago
- ☆117 · Feb 11, 2026 · Updated last month
- ☆42 · Nov 13, 2025 · Updated 4 months ago
- A collection of my weggli patterns to facilitate vulnerability research. ☆155 · Mar 9, 2026 · Updated last week