#csrf

Rulesets (4)

r2c-security-audit

r2c

security
audit
xxe
injection
deserialization
xss
jwt
csrf
crypto

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

security-audit

r2c

security
audit
xxe
injection
deserialization
xss
jwt
csrf
crypto

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

auto

r2c

CI
cookies
correctness
crypto
csrf
injection
security
spring
xss
xxe
logic
logic bugs
runtime errors
slower
ruby

Use recommended rulesets specific to your project. Auto config is not a ruleset but a mode that scans for languages and frameworks and then uses the Semgrep Registry to select recommended rules. Semgrep will send a list of languages, frameworks, and your project URL to the Registry when using auto mode (but code is never uploaded).

minusworld.r2c-ci

r2c

audit
cookies
correctness
crypto
csrf
go
injection
java
javascript
python
security
spring
xss
xxe
logic
logic bugs
runtime errors

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production. Supports Python, Java, JavaScript, and Go.