Rules from the preeminent Node.js security scanner, NodeJSScan.
Selected rules from Bandit, a security checker for Python, rewritten in Semgrep.
Selected rules from FindSecBugs, a security checker for Java, rewritten in Semgrep.
Default ruleset for Flask, by r2c.
Ruleset accompanying r2c OWASP presentation.
Rules for OWASP security checks for python
Security rules for GitHub Actions workflow files
Bandit rules in Gitlab SAST, written by Gitlab and r2c.
Default ruleset for Node.js, written by ajinabraham and r2c
OWASP Java Benchmark ruleset, a subset of java rules for faster results.
Ruleset for OWASP SF
The OWASP Top 10 is an industry-recognized report of top web application security risks. Use this ruleset to scan for OWASP Top 10 vulnerabilities.
Python Meetup Check Ruleset