Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Semgrep rules registry

Define and run pattern-based custom linting rules.

Semgrep rules for smart contracts based on DeFi exploits

A collection of my Semgrep rules to facilitate vulnerability research.

VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX report, attachments, automatic changelog, statistics, vulnerability management, bug bounty, pentest reporting !

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

Generic SAST Library

An extension to use Semgrep inside Burp Suite.

Manager of third-party sources of Semgrep rules 🗂

This project is deprecated. Use https://github.com/returntocorp/semgrep instead

🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends

Semgrep extension for Visual Studio Code

GitHub Actions CI/CD - Master Template & Reusable Workflows Library - Docker Builds, AWS, Python, Terraform, Jenkins, Linting, Security Scanning, Make Builds etc.

Semgrep rules specific to Frappe Framework

《深入理解Semgrep》Finding vulnerabilities with Semgrep.

Documentation of Semgrep: a fast, open-source, static analysis tool.

🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.