Skip to content

Pull requests: semgrep/semgrep-rules

New pull request New
61 Open 482 Closed
61 Open 482 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Merge Develop into Release
#3830 opened Apr 28, 2026 by r2c-argo Bot Loading…
4
Add String.formatted coverage to jdo-sqli (#3812)
#3813 opened Apr 17, 2026 by 9iang22 Contributor Loading…
1
Update disabled-cert-validation to detect requests.Session() usage
#3811 opened Apr 14, 2026 by feliperalmeida Loading…
3 tasks done
1
Adapt to the new gemini sdk in the ai-best-practices rules
#3810 opened Apr 14, 2026 by resimon Loading…
Add 4 Laravel security rules: raw SQL, open redirect, mass assignment, weak hashing
#3808 opened Apr 8, 2026 by momenbasel Loading…
3 tasks
7
feat(python/django): add rule to detect missing SecurityMiddleware
#3804 opened Apr 6, 2026 by balaakasam Loading…
3
fix(java,kotlin): use case-insensitive matching for crypto algorithm names
#3798 opened Mar 30, 2026 by 0xDC0DE Contributor Loading…
5 tasks done
1
New Rule to detect String Format Vulnerabilities
#3796 opened Mar 29, 2026 by dannytheway Loading…
Added support for calloc as allocator function for heap security rules.
#3795 opened Mar 29, 2026 by dannytheway Loading…
2
Add per-language supply chain attack prevention via default cooldowns
#3791 opened Mar 27, 2026 by pid1 Contributor Loading…
12
New Published Rules - rules.vitejs-process-env-direct-use
#3786 opened Mar 27, 2026 by semgrep-dev-pr-bot Bot Loading…
New Published Rules - rules.vitejs-loadenv-direct-use
#3785 opened Mar 27, 2026 by semgrep-dev-pr-bot Bot Loading…
feat(gha): add build pipeline security rules: curl-pipe-shell, workflow-env-secret
#3784 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
Add PowerShell DFIR/CERT detection rules (18 rules)
#3782 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
1
New Published Rules - dannytheway_personal.unbounded-copy-to-stack-buffer
#3781 opened Mar 26, 2026 by semgrep-dev-pr-bot Bot Loading…
3
feat(netsuite): add best practices SAST governance rules
#3780 opened Mar 25, 2026 by joshOrigami Loading…
10
Fix false positive with usedforsecurity flag in hashlib.sha1 (python)
#3776 opened Mar 25, 2026 by resimon Loading…
1
New Published Rules - rules.capacitor-logging-production-js
#3775 opened Mar 24, 2026 by semgrep-dev-pr-bot Bot Loading…
fix: Use parameterized query to prevent SQL injection in tainted-sql-string.py
#3773 opened Mar 19, 2026 by semgrep-code-dev-returntocorp Bot Draft
fix(c): reduce false positives in double-free and use-after-free rules
#3771 opened Mar 17, 2026 by MarkLee131 Loading…
1
1
fix(c): improve insecure-use-strtok-fn message
#3769 opened Mar 17, 2026 by MarkLee131 Loading…
1
test: add test cases for python lambda implicit return false positives
#3753 opened Feb 26, 2026 by dijkstracula Contributor Loading…
1 task done
1
csharp: Fix test mass-assignment example code
#3750 opened Feb 15, 2026 by IagoAbal Contributor Loading…
New Rules Proposal: Detect usage of RemoteIPHeader directive in an apache configuration.
#3748 opened Feb 11, 2026 by righettod Contributor Loading…
1
#3678 - Lower severity of MemoryMarshal CreateSpan rule to INFO due to unavoidable false positives
#3747 opened Feb 4, 2026 by AkshatJain9 Loading…
2
ProTip! Exclude everything labeled bug with -label:bug.