Semgrep Alternatives
Similar projects and alternatives to semgrep
Apache Log4j 2
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.
pre-commit
A framework for managing and maintaining multi-language pre-commit hooks.
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
SonarQube
Static code analysis for 29 languages. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
semgrep reviews and mentions
What would you consider to be a must for a modern 2022 dev stack?
One of the tools Ilai Fallach recommended to me was Semgrep; it looks really interesting in terms of enforcing coding standards. Did any of you guys ever try that?
Comby - Structural code search and replace for every language
A more interesting comparison than with Coccinelle is with semgrep (https://semgrep.dev/), since it also supports semantic/structural pattern matching over a number of languages, but also adds a bunch of Boolean logic into the mix, as well as some more advanced semantic features like constant propagation.
Curious whether the teams behind these tools are aware of each other? I suppose it's unlikely that they're not.
How we deploy to production over 100 times a day
However, when we do introduce new patterns, we typically put effort into migrating old services when it is feasible (e.g. with automated code re-writing). When it's not, we like to gain visibility into the status of services, so we have a "migration tracker" which analyses our source code/config to check which services are using old/new patterns. We also use semgrep in some cases to alert owners of services that are using deprecated/dangerous patterns in CI checks.
What's wrong with static-analysis autofix/codemod tools? Why don't we use them more, across the industry? What's your experience?
Over the decades, there's been so very many attempts to address this conundrum; and yet, ...
- Semgrep: Semantic grep for code
[Newcomer] Linters for go
The most used ones that I've seen are staticcheck and golangci-lint. If there's something custom that you might need, see Semgrep.
Experience with Application security tools (Cycode / Legit / Apiiro)
Take a look at semgrep and Snyk for these purposes.
What's the best free security scan tool for C/C++ files?
Or alternatively an upcoming yet experimental one is semgrep https://semgrep.dev/
infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
I'm guessing this is a successor to pfff given that it's a static analysis tool written in OCaml at Facebook. I use and like semgrep already but more competition in this space is always good.
Stats
returntocorp/semgrep is an open source project licensed under the GNU General Public License v3.0 or later, which is an OSI-approved license.