EN
ENNA

Semgrep

LGPL-2.1

Vulnerability Scanning · OCaml

Semgrep is a lightweight static analysis engine that helps find bugs and enforce code standards across over 30 programming languages. It uses custom rules to perform code scanning, offering flexibility in detecting vulnerabilities and ensuring best practices. Semgrep's ability to integrate into development environments allows developers to catch issues early in the coding process. Its focus on customizable rules and language support makes it a powerful tool for secure software development.

14.7kstars
905forks
846issues
Updated 2d ago
View on GitHubOfficial Website

Tags

saststatic-analysiscode-scanningcustom-rulescgojavajavascriptpythonr2crubysemgrepstatic-code-analysistypescript

Details

Category
Vulnerability Scanning
Language
OCaml
Repository
semgrep/semgrep
License
LGPL-2.1
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/semgrep/semgrep

Official Website

semgrep.dev

Releases

github.com/semgrep/semgrep/releases

Issues

github.com/semgrep/semgrep/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app