Semgrep Alternatives
Similar projects and alternatives to semgrep
-
snyk
Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
pre-commit
A framework for managing and maintaining multi-language pre-commit hooks.
-
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
-
Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
-
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
-
git-secrets
Prevents you from committing secrets and credentials into git repositories
-
coq
Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs.
semgrep reviews and mentions
-
Top 10 Snyk Alternatives for Code Security
7. Semgrep
-
semgrep VS bearer - a user suggested alternative
2 projects | 10 Jul 2023
-
Powerful SAST project for Android Application Security
This project is a compilation of Semgrep rules derived from the OWASP Mobile Application Security Testing Guide (MASTG) specifically for Android applications. The aim is to enhance and support Mobile Application Penetration Testing (MAPT) activities conducted by the ethical hacker community. The primary objective of these rules is to address the static tests outlined in the OWASP MASTG.
- OCaml 5.0 Multicore is out
-
Do you SecDevOps?
For general code analysis, I used Semgrep in the past.
-
Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
For these cases, let me introduce you to my favorite static code analysis tool: semgrep. It's a free Open Source tool that you can install and use right now (it only starts costing money if you want to use their dashboard to view the results, which is entirely optional, and all code scanning runs on your device - code is never uploaded to any servers). As stated briefly, semgrep searches for code matching specific patterns, taking the semantics of the code into account (hence, semantic grep). You can use it for security checks based on a large set of detection rules curated by the semgrep community, but where it really shines is when you start writing rules for your own use cases.
-
Semgrep: Writing quick rules to verify ideas
Good idea! I opened an issue here: https://github.com/returntocorp/semgrep/issues/6331
- “You meant to install ripgrep”
-
How to approach modifying source code programmatically?
I would probably start by seeing if I can use an existing tool to handle this for me. For example, I like using Comby and sometimes Semgrep for this sort of thing.
-
How to ensure required fields in struct consistently?
FWIW you can probably write a semgrep rule or something, to find all struct literals which don't mention a specific field.
Stats
semgrep/semgrep is an open source project licensed under GNU Lesser General Public License v3.0 only, which is an OSI-approved license.
The primary programming language of semgrep is OCaml.