Skip to content

Pull requests: semgrep/semgrep-rules

New pull request New
76 Open 3,059 Closed
76 Open 3,059 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Add 4 Laravel security rules: raw SQL, open redirect, mass assignment, weak hashing
#3808 opened Apr 8, 2026 by momenbasel Loading…
3 tasks
6
Package manager cooldown
#3805 opened Apr 6, 2026 by gbennett-squarespace Loading…
6
feat(python/django): add rule to detect missing SecurityMiddleware
#3804 opened Apr 6, 2026 by balaakasam Loading…
2
Merge Develop into Release
#3799 opened Mar 31, 2026 by r2c-argo bot Loading…
fix(java,kotlin): use case-insensitive matching for crypto algorithm names
#3798 opened Mar 30, 2026 by 0xDC0DE Contributor Loading…
5 tasks done
1
New Rule to detect String Format Vulnerabilities
#3796 opened Mar 29, 2026 by dannytheway Loading…
Added support for calloc as allocator function for heap security rules.
#3795 opened Mar 29, 2026 by dannytheway Loading…
2
Add per-language supply chain attack prevention via default cooldowns
#3791 opened Mar 27, 2026 by pid1 Contributor Loading…
12
New Published Rules - rules.vitejs-process-env-direct-use
#3786 opened Mar 27, 2026 by semgrep-dev-pr-bot bot Loading…
New Published Rules - rules.vitejs-loadenv-direct-use
#3785 opened Mar 27, 2026 by semgrep-dev-pr-bot bot Loading…
feat(gha): add build pipeline security rules: curl-pipe-shell, workflow-env-secret
#3784 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
Add PowerShell DFIR/CERT detection rules (18 rules)
#3782 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
1
New Published Rules - dannytheway_personal.unbounded-copy-to-stack-buffer
#3781 opened Mar 26, 2026 by semgrep-dev-pr-bot bot Loading…
3
feat(netsuite): add best practices SAST governance rules
#3780 opened Mar 25, 2026 by joshOrigami Loading…
10
Fix false positive with usedforsecurity flag in hashlib.sha1 (python)
#3776 opened Mar 25, 2026 by resimon Loading…
1
New Published Rules - rules.capacitor-logging-production-js
#3775 opened Mar 24, 2026 by semgrep-dev-pr-bot bot Loading…
fix: Use parameterized query to prevent SQL injection in tainted-sql-string.py
#3773 opened Mar 19, 2026 by semgrep-code-dev-returntocorp bot Draft
fix(c): reduce false positives in double-free and use-after-free rules
#3771 opened Mar 17, 2026 by MarkLee131 Loading…
1
1
fix(c): improve insecure-use-strtok-fn message
#3769 opened Mar 17, 2026 by MarkLee131 Loading…
1
Add exception patterns to update rule on H2C smuggling in Nginx config
#3767 opened Mar 16, 2026 by mackenly Loading…
1
1
Detect shell injection inside GitHub 'script' step
#3761 opened Mar 4, 2026 by Piccirello Contributor Loading…
1
test: add test cases for python lambda implicit return false positives
#3753 opened Feb 26, 2026 by dijkstracula Contributor Loading…
1 task done
1
Fix privileged-container rule
#3752 opened Feb 24, 2026 by matthewbelisle-wf Loading…
3
csharp: Fix test mass-assignment example code
#3750 opened Feb 15, 2026 by IagoAbal Contributor Loading…
New Rules Proposal: Detect usage of RemoteIPHeader directive in an apache configuration.
#3748 opened Feb 11, 2026 by righettod Contributor Loading…
1
ProTip! Exclude everything labeled bug with -label:bug.