Semgrep-rules Alternatives
Similar projects and alternatives to semgrep-rules
-
transformers
🤗 Transformers: the model-definition framework for state-of-the-art machine learning models in text, vision, audio, and multimodal models, for both inference and training.
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
Apache Log4j 2
Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java.
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
MLflow
The open source AI engineering platform for agents, LLMs, and ML models. MLflow enables teams of all sizes to debug, evaluate, monitor, and optimize production-quality AI applications while controlling costs and managing access to models and data.
-
Ray
Ray is an AI compute engine. Ray consists of a core distributed runtime and a set of AI Libraries for accelerating ML workloads.
-
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
-
datasets
🤗 The largest hub of ready-to-use datasets for AI models with fast, easy-to-use and efficient data manipulation tools
-
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
semgrep-rules discussion
semgrep-rules reviews and mentions
-
How to Write Custom Semgrep Rules: Complete Tutorial
Fork the semgrep-rules repository
- GSoC 2026 Predictions: 30 NEW AI/ML/Security Organizations You Should Start Contributing to NOW!
-
Lessons Learned #3: Is your random UUID really random? (Account takeover with the sandwich 🥪 attack)
Use SAST and Linters: This kind of implementation issue could be detected automatically using SAST tools and Linters, as the vulnerable functions are known. For example, in this case I couldn’t find a SAST rule to detect the usage of UUIDv1, but I took advantage of Semgrep’s Custom rules feature to add a rule to detect the usage of UUIDv1 in Python in the Semgrep Open source Rule Registry. Here is the Pull Request I submitted to add the rule: https://github.com/semgrep/semgrep-rules/pull/3517 Here’s an example of findings generated by the new rule I added:
- Writing Secure Go Code
-
Powerful SAST project for Android Application Security
Nice and all, but why not contribute to https://github.com/returntocorp/semgrep-rules ?
-
Semgrep - Beta support for Rust
Well, the rules they actually added are pretty noisy. There's also not a lot of them.
-
Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
The semgrep registry contains lots of rules for many issues, and you can contribute your own.
-
Just Say No To `:Latest`
Hadolint is great! If you want to customize your lint logic beyond the checks in it, I recently wrote a Semgrep rule to require all our Dockerfiles to pin images with a sha256 hash that could be a good starting point: https://github.com/returntocorp/semgrep-rules/pull/1861/file...
-
RCE 0-day exploit found in log4j, a popular Java logging package
Semgrep Rules for searching source code
-
Hacktoberfest and open-source security
Interested? More details are in this Hacktoberfest README.
-
Stats
semgrep/semgrep-rules is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
The primary programming language of semgrep-rules is HCL.
Popular Comparisons
- semgrep-rules VS semgrep
- semgrep-rules VS CVE-2021-44228-Log4Shell-Hashes
- semgrep-rules VS find-sec-bugs
- semgrep-rules VS ThreatMapper
- semgrep-rules VS active-scan-plus-plus
- semgrep-rules VS Log4JShell-Bytecode-Detector
- semgrep-rules VS Apache Log4j 2
- semgrep-rules VS semgrep-rules-android-security
- semgrep-rules VS dockerfile-image-update
- semgrep-rules VS capslock