This repository aims to provide a comprehensive set of effective Semgrep rules that have been contributed and vetted by the community.
```bash
# update the rules
./update-rules.sh
# validate all the rules (syntax and pattern checks, no findings are reported)
semgrep scan -j 100 -v --config ./rules --validate .
# actually run the scan
# '--config r/default' also pulls in Semgrep's public registry rules, so both
# rule sets are applied in a single pass
semgrep scan -j 100 --config r/default --config ./rules vulnerable-source-code
```
Special thanks to the following repositories whose contributions have been instrumental in curating this collection of Semgrep rules:
- GitLab SAST rules
- Semgrep Community rules
- Trail of Bits
- Decurity
- 0xdea
- kondukto
- ligurio
- mindedsecurity
- elttam
- dgryski
- federicodotta
- hashicorp
While these rules are developed and shared with the intent of improving code quality and security, they might not cover every possible scenario. Always exercise caution and perform comprehensive testing in conjunction with other security measures.