Semgrep-rules Alternatives
Similar projects and alternatives to semgrep-rules
- Apache Log4j 2: a versatile, feature-rich, efficient logging API and backend for Java.
- semgrep: lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- Log4JShell-Bytecode-Detector: local bytecode scanner for the Log4JShell vulnerability (CVE-2021-44228).
- find-sec-bugs: the SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
- dockerfile-image-update: a tool that helps you get security patches for Docker images into production as quickly as possible without breaking things.
- semgrep-rules-android-security: a collection of Semgrep rules derived from the OWASP MASTG, specifically for Android applications.
- blog-spring-actuator-example: an example project with a vulnerable Spring Actuator configuration, as a companion to a blog post.
semgrep-rules discussion
semgrep-rules reviews and mentions
- Lessons Learned #3: Is your random UUID really random? (Account takeover with the sandwich 🥪 attack)
  Use SAST and Linters: This kind of implementation issue could be detected automatically using SAST tools and linters, as the vulnerable functions are known. For example, in this case I couldn't find a SAST rule to detect the usage of UUIDv1, but I took advantage of Semgrep's Custom rules feature to add a rule to detect the usage of UUIDv1 in Python in the Semgrep Open source Rule Registry. Here is the Pull Request I submitted to add the rule: https://github.com/semgrep/semgrep-rules/pull/3517 Here's an example of findings generated by the new rule I added:
- Writing Secure Go Code
- Powerful SAST project for Android Application Security
  Nice and all, but why not contribute to https://github.com/returntocorp/semgrep-rules ?
- Semgrep - Beta support for Rust
  Well, the rules they actually added are pretty noisy. There's also not a lot of them.
- Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
  The semgrep registry contains lots of rules for many issues, and you can contribute your own.
- Just Say No To `:Latest`
  Hadolint is great! If you want to customize your lint logic beyond the checks in it, I recently wrote a Semgrep rule to require all our Dockerfiles to pin images with a sha256 hash that could be a good starting point: https://github.com/returntocorp/semgrep-rules/pull/1861/file...
- RCE 0-day exploit found in log4j, a popular Java logging package
  Semgrep Rules for searching source code
- Hacktoberfest and open-source security
  Interested? More details are in this Hacktoberfest README.
- Semgrep rules registry: 1300 linter rules
19 Jan 2025
Stats
semgrep/semgrep-rules is an open source project licensed under the GNU General Public License v3.0 or later, which is an OSI-approved license.
The primary programming language of semgrep-rules is Solidity.
Popular Comparisons
- semgrep-rules VS find-sec-bugs
- semgrep-rules VS CVE-2021-44228-Log4Shell-Hashes
- semgrep-rules VS apache-log4j-rce-poc
- semgrep-rules VS Log4JShell-Bytecode-Detector
- semgrep-rules VS pyre-check
- semgrep-rules VS active-scan-plus-plus
- semgrep-rules VS dockerfile-image-update
- semgrep-rules VS ZAP
- semgrep-rules VS semgrep-rules-android-security