#xss
Rulesets (18)

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

Rules from the preeminent Node.js security scanner, NodeJSScan.

Default ruleset for Django, by r2c
Use Semgrep as a universal linter to identify vulnerabilities and code smells in your code base with the FindSecBugs (https://find-sec-bugs.github.io/) rule pack.

Cross-site scripting (XSS) secure defaults for Express.js

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

Secure defaults for XSS in Go.

Secure defaults for XSS prevention for Ruby on Rails

Secure defaults for XSS prevention

Secure XSS defaults for HttpServlets+JSP.

Secure defaults for XSS prevention in Django

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.

Use recommended rulesets specific to your project. Auto config is not a ruleset but a mode that scans for languages and frameworks and then uses the Semgrep Registry to select recommended rules. Semgrep will send a list of languages, frameworks, and your project URL to the Registry when using auto mode (but code is never uploaded).

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production. Supports Python, Java, JavaScript, and Go.

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.

Secure defaults for XSS prevention for Ruby on Rails