Semgrep
LGPL-2.1⚡ Vulnerability Scanning · OCaml
Semgrep is a lightweight static analysis engine that helps find bugs and enforce code standards across over 30 programming languages. It uses custom rules to perform code scanning, offering flexibility in detecting vulnerabilities and ensuring best practices. Semgrep's ability to integrate into development environments allows developers to catch issues early in the coding process. Its focus on customizable rules and language support makes it a powerful tool for secure software development.
Tags
Details
- Category
- ⚡ Vulnerability Scanning
- Language
- OCaml
- Repository
- semgrep/semgrep
- License
- LGPL-2.1
- Platforms
- 🐧linux🍎macos🪟windows
Links
Used in 1 Workflow
Community Reviews
Alternatives & Comparisons
Bearer
GoSAST tool scanning code for security risks, sensitive data flows, and vulnerabilities.
Compare Semgrep vs BearerBandit
PythonPython static analysis security linter to find common code vulnerabilities.
Compare Semgrep vs BanditMore in Vulnerability Scanning
Nuclei
GoFast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.
sqlmap
PythonAutomatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.
WPScan
RubyWordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.
OpenVAS
CFull-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.
XSStrike
PythonAdvanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.
Commix
PythonAutomated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.