Although there is an open source repository of community rules, some Semgrep rule authors prefer to keep their rules in repositories that they manage themselves.
semgrep-rules-manager collects high-quality Semgrep rules from such third-party sources. It lets you inspect a source's metadata, download it, check for and pull upstream updates, and remove a downloaded source that no longer meets your requirements.
At the moment, 14 sources are tracked, totalling 3749 distinct Semgrep rules.
An online search engine lets you explore all 3749 rules included in semgrep-rules-manager.
All 14 sources are defined in semgrep_rules_manager/data/sources.yaml and are listed in the table below. Note that two sources declare no license; check their terms before bundling those rules.
| Identifier | Rules per Language | Author | License |
|---|---|---|---|
| community | 378 for Python, 364 for Terraform, 237 for Regex, 213 for JavaScript, 207 for TypeScript, 128 for Java, 110 for YAML, 97 for Go, 90 for Generic, 89 for Ruby, 64 for PHP, 50 for Solidity, 49 for C#, 39 for Dockerfile, 34 for OCaml, 25 for Scala, 22 for JSON, 19 for Kotlin, 17 for C, 12 for Apex, 11 for Rust, 9 for Bash, 7 for Swift, 7 for Elixir, 5 for Clojure, 4 for HTML, 1 for Lua, 1 for Dart, 1 for XML | Semgrep | LGPL 2.1 |
| gitlab | 102 for Java, 96 for JavaScript, 86 for Scala, 80 for Python, 62 for C, 62 for C++, 59 for Kotlin, 40 for Ruby, 27 for Go, 22 for C#, 13 for TypeScript, 9 for PHP, 5 for Swift, 4 for Generic, 1 for YAML | GitLab | MIT |
| trailofbits | 24 for Python, 24 for YAML, 18 for Go, 15 for Ruby, 14 for Generic, 9 for JavaScript, 9 for TypeScript, 9 for Terraform, 3 for Regex, 2 for Java, 2 for Kotlin, 1 for Rust, 1 for Swift | Trail of Bits | AGPL-3.0 |
| 0xdea | 48 for C++, 47 for C, 1 for Generic | Marco Ivaldi | MIT |
| elttam | 50 for Java, 15 for Generic, 7 for YAML, 7 for Go, 7 for JavaScript, 6 for TypeScript, 5 for C#, 5 for Python, 1 for PHP, 1 for C, 1 for Kotlin | elttam | MIT |
| kondukto | 5 for Dockerfile, 5 for PHP, 3 for Go, 3 for Java | Kondukto | |
| dgryski | 66 for Go | Damian Gryski | MIT |
| dotta | 7 for PHP, 3 for Kotlin, 1 for Java | Federico Dotta | MIT |
| hashicorp | 4 for Terraform, 1 for Generic | Hashicorp | MPL-2.0 |
| decurity | 57 for Solidity, 4 for Cairo, 2 for Rust | Decurity | CC BY-NC-SA 4.0 |
| mindedsecurity | 37 for Java, 15 for XML, 1 for Generic | mindedsecurity | GPL3 |
| akabe1 | 24 for Swift, 15 for Java, 8 for Generic | akabe1 | |
| atlassian-labs | 35 for Java, 2 for Generic | atlassian-labs | LGPL 2.1 |
| apiiro | 18 for Python, 14 for JavaScript, 14 for TypeScript, 12 for Java, 12 for Lua, 12 for Ruby, 11 for Clojure, 11 for C#, 11 for PHP, 11 for Scala, 10 for Dart, 10 for Rust, 7 for Go, 6 for Bash, 2 for Kotlin | apiiro | MIT |
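The per-language counts and the license column above are the kind of inventory you want to produce yourself before trusting a third-party rule source. The script below is an added example, not semgrep-rules-manager's own code: it walks a set of downloaded rule files, checks that each rule has the keys Semgrep requires (an id, message, severity, languages and a matching clause), counts the well-formed rules per language, and emits a row in the table format used above. The sample rule files, the source name "example" and the helper names are constructed for the illustration. The rule texts are written in JSON syntax so they load with or without PyYAML; JSON is a subset of YAML, and real .yaml rule files would go through yaml.safe_load.

```python
"""Inventory and sanity-check a downloaded Semgrep rule source.

Added example (not semgrep-rules-manager's own code). Sample rule files and
the source "example" are constructed; nothing here is fetched from the network.
"""
from collections import Counter

try:
    import yaml  # PyYAML, needed for real .yaml rule files

    def load_doc(text):
        return yaml.safe_load(text)
except ImportError:  # JSON is a YAML subset, which is enough for the inline samples below
    import json

    def load_doc(text):
        return json.loads(text)

# Keys Semgrep accepts as a rule's matching clause (search mode) or taint sources (taint mode).
PATTERN_KEYS = ("pattern", "patterns", "pattern-either", "pattern-regex", "pattern-sources")
REQUIRED_KEYS = ("id", "message", "severity", "languages")

# Constructed sample: two rule files as they might sit in a downloaded source.
# The second file deliberately contains two malformed rules.
SAMPLE_RULE_FILES = {
    "python/subprocess-shell.yaml": """{"rules": [
      {"id": "py-subprocess-shell-true", "languages": ["python"], "severity": "WARNING",
       "message": "subprocess call with shell=True; pass an argument list instead",
       "pattern": "subprocess.$FUNC(..., shell=True, ...)"},
      {"id": "dangerous-eval", "languages": ["python", "javascript"], "severity": "ERROR",
       "message": "eval of untrusted input",
       "pattern-either": [{"pattern": "eval(...)"}]}
    ]}""",
    "secrets/aws-key.yaml": """{"rules": [
      {"id": "aws-access-key-id", "languages": ["regex"], "severity": "ERROR",
       "message": "AWS access key ID committed", "pattern-regex": "AKIA[0-9A-Z]{16}"},
      {"id": "go-rule-missing-pattern", "languages": ["go"], "severity": "INFO",
       "message": "this rule has no matching clause and would be rejected by semgrep"},
      {"message": "this rule has no id and no languages", "severity": "WARNING",
       "pattern": "foo(...)"}
    ]}""",
}


def validate_rule(rule):
    """Return the problems found in one rule dict; an empty list means it looks well-formed."""
    problems = [f"missing {key}" for key in REQUIRED_KEYS if key not in rule]
    if "languages" in rule and not isinstance(rule["languages"], list):
        problems.append("languages must be a list")
    if not any(key in rule for key in PATTERN_KEYS):
        problems.append("no matching clause (expected one of %s)" % ", ".join(PATTERN_KEYS))
    return problems


def load_rules(files):
    """Yield (file name, rule dict) for every rule in a mapping of file name -> rule file text."""
    for name, text in files.items():
        doc = load_doc(text) or {}
        for rule in doc.get("rules", []):
            yield name, rule


def count_rules_per_language(files):
    """Count well-formed rules per language. Assumption: a rule that lists several
    languages is counted once under each of them, since Semgrep applies it to each."""
    counts = Counter()
    for _, rule in load_rules(files):
        if validate_rule(rule):
            continue  # malformed rules contribute nothing to the inventory
        counts.update(rule["languages"])
    return dict(counts)


def audit_source(identifier, author, license_name, files):
    """Summarise one source the way the README table does, plus the checks a consumer
    of third-party rules should run: malformed rules and a missing license."""
    problems = [(name, rule.get("id", "<no id>"), msg)
                for name, rule in load_rules(files) for msg in validate_rule(rule)]
    warnings = []
    if not license_name:
        warnings.append("no license declared: check the terms before bundling these rules")
    well_formed = [rule for _, rule in load_rules(files) if not validate_rule(rule)]
    return {
        "identifier": identifier,
        "author": author,
        "license": license_name or "",
        "rules": len(well_formed),
        "per_language": count_rules_per_language(files),
        "problems": problems,
        "warnings": warnings,
    }


def format_row(summary):
    """Render a summary as a row in the README's table format (counts descending, then by name)."""
    langs = ", ".join(f"{n} for {lang}" for lang, n in
                      sorted(summary["per_language"].items(), key=lambda kv: (-kv[1], kv[0])))
    return f"| {summary['identifier']} | {langs} | {summary['author']} | {summary['license']} |"


if __name__ == "__main__":
    summary = audit_source("example", "Example Author", "", SAMPLE_RULE_FILES)
    print(format_row(summary))
    for file_name, rule_id, msg in summary["problems"]:
        print(f"problem: {file_name}: {rule_id}: {msg}")
    for warning in summary["warnings"]:
        print(f"warning: {warning}")
```

Pointing audit_source at a real source means reading every .yaml and .yml file under its checkout into the files mapping; the validation is deliberately a subset of what semgrep --validate enforces, so treat a clean result as a first filter rather than proof that the rules load.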
This is only an excerpt from the README.md hosted on GitHub.
