trailofbits/semgrep-rules external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

trailofbits/semgrep-rules

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/trailofbits/semgrep-rules)

Close

trailofbits / semgrep-rulesView on GitHubMore

• External links
• Readme badge

Semgrep queries developed by Trail of Bits.

☆500Nov 12, 2025Updated 5 months ago

Alternatives and similar repositories for semgrep-rules

Users that are interested in semgrep-rules are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• elttam / semgrep-rules

  View on GitHub
  ☆233Updated this week
• 0xdea / semgrep-rules

  View on GitHub
  A collection of my Semgrep rules to facilitate vulnerability research.
  ☆811Apr 12, 2026Updated 2 weeks ago
• semgrep / semgrep-rules

  View on GitHub
  Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
  ☆1,142Updated this week
• trailofbits / codeql-queries

  View on GitHub
  CodeQL queries developed by Trail of Bits
  ☆160Apr 23, 2026Updated last week
• s0rcy / semgrep-rules

  View on GitHub
  Collection of Semgrep rules for security analysis
  ☆10Mar 30, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• federicodotta / semgrep-rules

  View on GitHub
  A collection of my Semgrep rules
  ☆51Jul 4, 2023Updated 2 years ago
• vmnguyen / semgrep-rules

  View on GitHub
  My custom semgrep rules
  ☆23Sep 13, 2020Updated 5 years ago
• iosifache / semgrep-rules-manager

  View on GitHub
  Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂
  ☆108Dec 24, 2025Updated 4 months ago
• dgryski / semgrep-go

  View on GitHub
  Go rules for semgrep and go-ruleguard
  ☆478Nov 17, 2024Updated last year
• kondukto-io / semgrep-rules

  View on GitHub
  Custom semgrep rules registry
  ☆14Aug 23, 2022Updated 3 years ago
• mindedsecurity / semgrep-rules-android-security

  View on GitHub
  A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
  ☆329Nov 12, 2025Updated 5 months ago
• trailofbits / vscode-sarif-explorer

  View on GitHub
  SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results
  ☆49Apr 22, 2026Updated last week
• apiiro / malicious-code-ruleset

  View on GitHub
  Focused malicious code detection ruleset, with a high protection-to-noise ratio
  ☆146Feb 24, 2025Updated last year
• hashicorp-forge / semgrep-rules

  View on GitHub
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆41Oct 3, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• doyensec / Unsafe-Unpacking

  View on GitHub
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
  ☆43Dec 16, 2024Updated last year
• semgrep / semgrep

  View on GitHub
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆14,976Updated this week
• trailofbits / necessist

  View on GitHub
  A mutation-based tool for finding bugs in tests
  ☆140Updated this week
• trailofbits / publications

  View on GitHub
  Publications from Trail of Bits
  ☆1,822Updated this week
• Decurity / semgrep-smart-contracts

  View on GitHub
  Semgrep rules for smart contracts based on DeFi exploits
  ☆711Jun 2, 2025Updated 10 months ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• tuannq2299 / semgrep-rules

  View on GitHub
  A collection of Semgrep rules which followed security guidelines for .NET and Java.
  ☆24Oct 4, 2021Updated 4 years ago
• interruptlabs / semgrep_bn

  View on GitHub
  Binary Ninja plugin to automate the process of generating pseudo-C code, running Semgrep over the pseudo-C, and presenting the results.
  ☆36Feb 4, 2025Updated last year
• trailofbits / fickling

  View on GitHub
  A Python pickling decompiler and static analyzer
  ☆619Apr 23, 2026Updated last week
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• trailofbits / test-fuzz

  View on GitHub
  To make fuzzing Rust easy
  ☆203Apr 23, 2026Updated last week
• jlauinger / go-geiger

  View on GitHub
  Static code analysis tool to find unsafe usages in Go packages and their dependencies
  ☆44Sep 11, 2020Updated 5 years ago
• trailofbits / it-depends

  View on GitHub
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆390Apr 23, 2026Updated last week
• DataDog / guarddog

  View on GitHub
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆1,068Updated this week
• semgrep-old / rules-owasp-asvs

  View on GitHub
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Nov 2, 2020Updated 5 years ago
• Permiso-io-tools / bucket-shield

  View on GitHub
  ☆14Jan 8, 2026Updated 3 months ago
• trailofbits / go-fuzz-utils

  View on GitHub
  ☆21Mar 23, 2026Updated last month
• owasp-noir / noir

  View on GitHub
  Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
  ☆1,181Updated this week
• weggli-rs / weggli

  View on GitHub
  weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interestin…
  ☆2,484Jul 12, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆356Apr 21, 2026Updated last week
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆79Mar 9, 2025Updated last year
• google / containerdbg

  View on GitHub
  ☆73May 13, 2025Updated 11 months ago
• google / localtoast

  View on GitHub
  ☆116Feb 11, 2026Updated 2 months ago
• bilals12 / clusterfuck

  View on GitHub
  ☆43Nov 13, 2025Updated 5 months ago
• 0xdea / weggli-patterns

  View on GitHub
  A collection of my weggli patterns to facilitate vulnerability research.
  ☆156Apr 3, 2026Updated 3 weeks ago
• ncc-erik-steringer / Aerides

  View on GitHub
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Jan 18, 2022Updated 4 years ago