branch | using semgrep docker image | test status |
---|---|---|
develop |
returntocorp/semgrep:develop |
Welcome! This repository is the standard library for Semgrep rules. There are many more rules available in the Semgrep Registry written by r2c and other contributors. The Semgrep Registry includes rules from this repository and additional rules that are accessible with the Team or Enterprise tiers of Semgrep App. If there is a specific rule you are looking for, see the Semgrep registry search. To contribute, find details about contributing in the Contributing to Semgrep rules documentation.
Run existing and custom Semgrep rules locally with the Semgrep command line interface (Semgrep CLI) or continuously with Semgrep in CI while using Semgrep App. To start using Semgrep rules, see Semgrep tutorial, Getting started with Semgrep CLI, and Getting started with Semgrep App.
We welcome Semgrep rule contributions directly to this repository! When you submit your contribution to the semgrep-rules
repository we’ll ask you to make r2c a joint owner of your contributions. While you still own copyright rights to your rule, joint ownership allows r2c to license these contributions to other Semgrep Registry users pursuant to the LGPL 2.1 under the Commons Clause. See full license details.
Note: To contribute, review the Contributing to Semgrep rules documentation.
You can also contact us at support@r2c.dev to make Semgrep rule contributions. We will import your rules for everyone to use!
Join Slack for the fastest answers to your questions! Or contact the team at support@r2c.dev.
If you fork this repository or create your own, you can add a special semgrep -rules-test GitHub Action to your workflow that will automatically test your rules using the latest version of Semgrep. See our semgrep-rules-test.
Rulesets are groups of rules organized by purpose, language, or framework sourced from the Semgrep Registry. If you want to modify existing rulesets or create your own, please contact us at support@r2c.dev.