Skip to content

Pull requests: semgrep/semgrep-rules

New pull request New
77 Open 3,061 Closed
77 Open 3,061 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Add String.formatted coverage to jdo-sqli (#3812)
#3813 opened Apr 17, 2026 by 9iang22 Contributor Loading…
1
Update disabled-cert-validation to detect requests.Session() usage
#3811 opened Apr 14, 2026 by feliperalmeida Loading…
3 tasks done
1
Adapt to the new gemini sdk in the ai-best-practices rules
#3810 opened Apr 14, 2026 by resimon Loading…
Add 4 Laravel security rules: raw SQL, open redirect, mass assignment, weak hashing
#3808 opened Apr 8, 2026 by momenbasel Loading…
3 tasks
6
feat(python/django): add rule to detect missing SecurityMiddleware
#3804 opened Apr 6, 2026 by balaakasam Loading…
2
Merge Develop into Release
#3799 opened Mar 31, 2026 by r2c-argo bot Loading…
fix(java,kotlin): use case-insensitive matching for crypto algorithm names
#3798 opened Mar 30, 2026 by 0xDC0DE Contributor Loading…
5 tasks done
1
New Rule to detect String Format Vulnerabilities
#3796 opened Mar 29, 2026 by dannytheway Loading…
Added support for calloc as allocator function for heap security rules.
#3795 opened Mar 29, 2026 by dannytheway Loading…
2
Add per-language supply chain attack prevention via default cooldowns
#3791 opened Mar 27, 2026 by pid1 Contributor Loading…
12
New Published Rules - rules.vitejs-process-env-direct-use
#3786 opened Mar 27, 2026 by semgrep-dev-pr-bot bot Loading…
New Published Rules - rules.vitejs-loadenv-direct-use
#3785 opened Mar 27, 2026 by semgrep-dev-pr-bot bot Loading…
feat(gha): add build pipeline security rules: curl-pipe-shell, workflow-env-secret
#3784 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
Add PowerShell DFIR/CERT detection rules (18 rules)
#3782 opened Mar 26, 2026 by kurt-r2c Contributor Loading…
1
New Published Rules - dannytheway_personal.unbounded-copy-to-stack-buffer
#3781 opened Mar 26, 2026 by semgrep-dev-pr-bot bot Loading…
3
feat(netsuite): add best practices SAST governance rules
#3780 opened Mar 25, 2026 by joshOrigami Loading…
10
Fix false positive with usedforsecurity flag in hashlib.sha1 (python)
#3776 opened Mar 25, 2026 by resimon Loading…
1
New Published Rules - rules.capacitor-logging-production-js
#3775 opened Mar 24, 2026 by semgrep-dev-pr-bot bot Loading…
fix: Use parameterized query to prevent SQL injection in tainted-sql-string.py
#3773 opened Mar 19, 2026 by semgrep-code-dev-returntocorp bot Draft
fix(c): reduce false positives in double-free and use-after-free rules
#3771 opened Mar 17, 2026 by MarkLee131 Loading…
1
1
fix(c): improve insecure-use-strtok-fn message
#3769 opened Mar 17, 2026 by MarkLee131 Loading…
1
Add exception patterns to update rule on H2C smuggling in Nginx config
#3767 opened Mar 16, 2026 by mackenly Loading…
1
1
Detect shell injection inside GitHub 'script' step
#3761 opened Mar 4, 2026 by Piccirello Contributor Loading…
1
test: add test cases for python lambda implicit return false positives
#3753 opened Feb 26, 2026 by dijkstracula Contributor Loading…
1 task done
1
Fix privileged-container rule
#3752 opened Feb 24, 2026 by matthewbelisle-wf Loading…
3
ProTip! Add no:assignee to see everything that’s not assigned.