security-sesha / intro-to-semgrep Goto Github PK
View Code? Open in Web Editor NEWHome Page: https://lab.github.com/returntocorp/intro-to-semgrep
License: MIT License
intro-to-semgrep's People
Contributors
Watchers
intro-to-semgrep's Issues
Useful Semgrep Links
This issue collects various links to useful Semgrep resources and documentation in one place so you can reference it if you ever get stuck.
- semgrep.dev - Semgrep's home page
- @returntocorp/semgrep - Semgrep's source code on GitHub
- Semgrep Registry - Home of Semgrep's free, out-of-the-box rules (that is, security checks), written by r2c and the community.
- These rules are grouped into "rulesets" that collect related functionality, like rules that check for secrets, target specific languages (e.g. javascript) or frameworks (e.g. django), or even entire vulnerability classes (e.g. xss or insecure
transport). - @returntocorp/semgrep-rules - The source code of Semgrep's rules on GitHub.
- Note that the Registry has more rules than what's just in the
returntocorp/semgrep-rulesrepo, as the Registry includes Semgrep rules from other community repos, like NodeJSScan or Go rules by Damian Gryski.
- Note that the Registry has more rules than what's just in the
- These rules are grouped into "rulesets" that collect related functionality, like rules that check for secrets, target specific languages (e.g. javascript) or frameworks (e.g. django), or even entire vulnerability classes (e.g. xss or insecure
- Semgrep Playground - Write and share Semgrep rules right from your browser, no installation required!
Rule Writing
There's a step by step rule writing tutorial here.
If you go to the Playground, you can also click the "Examples" button to view a number of illustrative built-in examples.
And of course, you can also review the over 1,000 rules in @returntocorp/semgrep-rules.
Docs
Semgrep has pretty extensive docs, which you can view here.
Of note:
- Pattern syntax - All of the ways you can match code within one pattern.
- Rule syntax - All of the ways you can combine Semgrep patterns to form more complex queries. For example, looking for code that matches
thisANDthat, orthisbut NOTthat, etc.
Community
Feel free to join the r2c community Slack to ask questions (we're super responsive!) or reach out to us on Twitter (@r2cdev), or send us an email at [email protected].
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.