branch | using semgrep docker image | test status |
---|---|---|
develop | returntocorp/semgrep:develop | |
Welcome! This repository is the standard library for Semgrep rules, but many more rules written by r2c and other contributors are available in the Semgrep Registry. If you are looking for a specific rule, you can also search the Semgrep Registry. To contribute, find details about contributing in the Contributing to Semgrep rules documentation.
Run existing and custom Semgrep rules locally with the Semgrep command line interface (Semgrep CLI) or continuously with Semgrep in CI while using Semgrep App. To start using Semgrep rules, see Semgrep tutorial, Getting started with Semgrep CLI, and Getting started with Semgrep App.
We welcome Semgrep rule contributions directly to this repository! If you are submitting to the semgrep-rules repository, we’ll ask you to make r2c a joint owner of your contributions. While you still own the copyright to your rule, joint ownership allows r2c to license these contributions to other Semgrep Registry users pursuant to the LGPL 2.1 under the Commons Clause. Full license details here.
You can also contact us at [email protected] to make Semgrep rule contributions. We will import your rules for everyone to use!
Join Slack for the fastest answers to your questions! Or contact the team at [email protected].
If you fork this repository or create your own, you can add a special semgrep-rules-test GitHub Action to your workflow that will automatically test your rules using the latest version of Semgrep. See our semgrep-rules-test.
Rulesets are groups of rules organized by purpose, language, or framework sourced from the Semgrep Registry. If you want to modify existing rulesets or create your own, please contact us at [email protected].