Semgrep - Lightweight static analysis for many languages

Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. Semgrep combines the convenient and iterative style of grep with the powerful features of an Abstract Syntax Tree (AST) matcher and limited dataflow. Easily find function calls, class or method definitions, and more without having to understand ASTs or wrestle with regexes.

It addresses OWASP Top 10 issues and also helps you write your own rules. It can hunt for vulnerabilities and eradicate classes of bugs by enforcing code guardrails.
https://semgrep.dev/
https://github.com/returntocorp/semgrep