semgrep / semgrep-rules

Semgrep rules registry
https://semgrep.dev/registry

semgrep-rules


Welcome! This repository is the standard library for open source Semgrep rules.

In addition to the rules in this repository, the Semgrep Registry offers proprietary Pro rules that enable interfile and interprocedural analysis.

Using the Semgrep rules repository

To start writing and using Semgrep rules, see Learn Semgrep syntax and Writing rules. Then, run existing and custom Semgrep rules locally with the Semgrep command line interface (Semgrep CLI) or continuously with Semgrep in CI while using Semgrep AppSec Platform.

Writing Semgrep rules

See Writing rules for information including:

You can also learn how to write rules using the interactive, example-based Semgrep rule tutorial.

Contributing

We welcome Semgrep rule contributions directly to this repository! When submitting your contribution to this repository, we’ll ask you to make Semgrep, Inc. a joint owner of your contributions. While you still own copyright rights to your rule, joint ownership allows Semgrep, Inc. to license these contributions to other Semgrep Registry users pursuant to the LGPL 2.1 under the Commons Clause. See full license details.

Note: To contribute, review the Contributing to Semgrep rules documentation.

You can also contact us at support@semgrep.com to make Semgrep rule contributions. We will import your rules for everyone to use!

Additional information

Help

Join Slack for the fastest answers to your questions! Or contact the team at support@semgrep.com.

GitHub action to run tests

If you fork this repository or create your own, you can add a GitHub Action to your workflow that will automatically test your rules using the latest version of Semgrep. See our semgrep-rules-test example.

Rulesets

Rulesets are groups of rules organized by purpose, language, or framework sourced from the Semgrep Registry. If you want to modify existing rulesets or create your own, please contact us at support@semgrep.com.