semgrep-docs

Documentation of Semgrep: a fast, open-source, static analysis tool.

Results 36 semgrep-docs issues

As the header says, there are some sample rules that do not contain the `language` and `severity` properties. One example is https://github.com/returntocorp/semgrep-docs/blob/main/docs/writing-rules/rule-syntax.md#complete-useless-comparison Thank you for a great tool! :) I've...

https://semgrep.slack.com/archives/CK86BJ5DW/p1674228062395879 `# ruleid: one, two, three, four, five`

`docs/troubleshooting/gitlab-sast.md` has `SAST_EXCLUDED_PATHS: "*.py, tests"` but when GitLab converts that to `--exclude` rules it ends up as `--exclude *.py --exclude tests` where there are 2 spaces before `tests`. This was causing...

I was reading the documentation provided [here](https://semgrep.dev/docs/cheat-sheets/django-xss/) and I noted that there was something missing in the XSS prevention documentation: Template strings. As noted [here](https://alantrick.ca/writings/programming/django_escapejs_sec), template strings can introduce an...

Feedback from @Strajk via https://www.notion.so/Semgrep-feedback-a999dd63a00c413e8ec9213ec3ca36e0 cc @pabloest

Add a link below https://semgrep.dev/docs/awesome/ for a page listing all of r2c's rulesets and descriptions of them (more advertising yay)

# Thanks for improving Semgrep Docs 😀 ### Please ensure - [ ] A subject matter expert (SME) reviews the content - [x] A technical writer reviews the content or...

We had some consistency issues with the SAML/SSO KBs such as different title formats, present or missing help, etc. Some also had a level of technical detail that didn't match...

We had a KB that originated in the early days of Secrets when the PR comment mechanism wasn't the same as others, and was no longer really useful. I've swapped...