#semgrep
Rulesets (43)
Most common client-side JavaScript XSS vulnerabilities
React security rules.
Cross-site scripting (XSS) secure defaults for Express.js
Rule pack for detecting insecure transport in Node.js
Secure defaults for XSS in Go.
A collection of opinionated rules for best practices in popular languages. Recommended for users who want really strict coding standards.
Secure defaults for XSS prevention for Ruby on Rails
Secure defaults for XSS prevention
Find common bugs, errors, and logic issues in popular languages.
Ensure your code communicates over encrypted channels instead of plaintext.
Selected rules from Hadolint, a Dockerfile linter, rewritten in Semgrep.
Secure XSS defaults for HttpServlets+JSP.
Rule pack for detecting insecure transport in Java Spring.
Rule pack for detecting insecure transport in the Java standard library.
Security checks for nginx configuration files.
Secure defaults for XSS prevention in Django
Rule pack for detecting insecure transport in Node.js
Selected rules from Hadolint, a Dockerfile linter, rewritten in Semgrep.
Security checks for docker-compose configuration files.
Security checks for Kubernetes configuration files.
Rules for linting Semgrep rule YAML files for errors or performance problems
Brakeman ruleset curated by Semgrep.
Omni pack for insecure transport rules
Rule pack for detecting insecure transport in Java Spring.
Electron desktop app ruleset
Secure defaults for Command injection prevention
Insecure usage of most popular headless browser APIs
Ruleset by r2c
Ensure your code communicates over encrypted channels instead of plaintext.
Secure defaults for Command injection prevention
Secure defaults for Command injection prevention
SQL injection guardrails. Checks for non-constant SQL queries and other SQLi.
PHP Laravel framework ruleset by Semgrep
Play framework ruleset by Semgrep
Secure defaults for Command injection prevention
React rules covering best practices and general code smells; not intended to be run in CI/CD.
React rules available to Team tier customers; this rule pack is the most recommended one because its sources are more accurate.
Ruleset for reverse shells, by Kurt Boberg
Secure defaults for Command injection prevention
Secure defaults for XSS prevention for Ruby on Rails
Collection of rules preventing Semgrep misconfigurations
Rule pack for detecting insecure transport in Java Spring.
WordPress audit ruleset, ported from WPScan