Semgrep
Semgrep is a fast, open-source tool that scans source code to find programming errors, security vulnerabilities, and policy violations.
Auditor Job Name: Gitlab Semgrep AppSec Portal Importer Name: GitLab Semgrep, Semgrep JSON Report
Semgrep supports several programming languages such as:
Python
JavaScript
Java
Go
Ruby
TypeScript
C#
Kotlin
PHP
Swift
The Semgrep can be used to scan for security issues such as:
SQL injection
Cross-site scripting (XSS)
Command injection
Authentication and authorization issues
Insecure cryptography
Code injection
Path traversal
File inclusion
Information leakage
XML external entity injection (XXE)
Server-side request forgery (SSRF)
and more
One interesting feature of Semgrep is its ability to detect security issues in complex codebases. It uses a powerful pattern-matching engine to identify vulnerabilities and is highly customizable.
Last updated