Semgrep Registry

r2c-security-audit

Semgrep

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

nodejsscan

Ajin Abraham

Rules from the preeminent Node.js security scanner, NodeJSScan.

django

Grayson Hardaway

Default ruleset for Django, by Semgrep

findsecbugs

Semgrep, Gitlab

Use Semgrep as a universal linter to identify vulnerabilities and code smells in your code base with the FindSecBugs (https://find-sec-bugs.github.io/) rule pack.

minusworld.express-xss

r2c

Cross-site scripting (XSS) secure defaults for Express.js

security-audit

Semgrep

Scan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.

minusworld.ruby-on-rails-xss

r2c

Secure defaults for XSS prevention for Ruby on Rails

minusworld.java-httpservlet-jsp-xss

r2c

Secure XSS defaults for HttpServlets+JSP.

minusworld.django-xss

r2c

Secure defaults for XSS prevention in Django

minusworld.r2c-javascript-ci

r2c

Scan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.

Use recommended rulesets specific to your project. Auto config is not a ruleset but a mode that scans for languages and frameworks and then uses the Semgrep Registry to select recommended rules. Semgrep will send a list of languages, frameworks, and your project URL to the Registry when using auto mode (but code is never uploaded).

#xss

Rulesets (18)

r2c-security-audit

nodejsscan

django

findsecbugs

minusworld.express-xss

security-audit

minusworld.go-std-xss

minusworld.ruby-on-rails-xss

minusworld.omni-xss

minusworld.java-httpservlet-jsp-xss

minusworld.django-xss

minusworld.r2c-javascript-ci

auto

minusworld.r2c-ci

minusworld.r2c-go-ci

minusworld.r2c-java-ci

minusworld.r2c-python-ci

ruby-on-rails-xss

Rules (0)