Welcome! This repository contains Semgrep's Community Edition rules.
In addition to the rules in this repository, the Semgrep Registry offers proprietary Pro rules that provide additional language coverage and unlock cross-file and deep dataflow analysis.
Pattern syntax: describes in detail what Semgrep patterns can do, with example use cases of the ellipsis operator and metavariables.
Rule syntax: describes Semgrep YAML rule files, which can have multiple patterns, detailed output messages, and autofixes. The syntax allows the composition of individual patterns with boolean operators.
We welcome Semgrep rule contributions directly to this repository! When submitting your contribution, you grant Semgrep, Inc. a license to use, modify, and distribute your contribution under the Semgrep Rules License v. 1.0. This ensures your rule can be shared with other Semgrep Registry users.
You can also reach out to us at support@semgrep.com, and we will help import your rules for others to use!
Additional information
Help
Join Slack for the fastest answers to your questions! Or contact the team at support@semgrep.com.
GitHub Action to run tests
If you fork this repository or create your own, you can add a GitHub Action to your workflow that will automatically test your rules using the latest version of Semgrep. See our semgrep-rules-test example.
Rulesets
Rulesets are groups of rules organized by purpose, language, or framework sourced from the Semgrep Registry. If you want to modify existing rulesets or create your own, please contact us at support@semgrep.com.
About
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.