
Add Semgrep

Open saikrishna4276 opened this issue 2 years ago • 2 comments

What is this Python project?

Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. It is faster than Bandit and covers almost all static analysis tools.

Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded.

Its rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs. You can write your own rules instead of using the already mentioned rules. Also, GitLab recently announced they are transitioning a majority of GitLab SAST analyzers to Semgrep!

What's the difference between this Python project and similar ones?

Faster static analysis tool than any other tool.

--

Anyone who agrees with this pull request could submit an Approve review to it.

saikrishna4276 avatar Feb 23 '23 05:02 saikrishna4276

@vinta, Semgrep is a fast static analyser not only for Python but also for many other languages.

You can check here or here.

A well-known project. I guess it doesn't need any votes or approvals.

Thanks.

saikrishna4276 avatar Feb 24 '23 20:02 saikrishna4276

K

aptvarun avatar Feb 27 '23 14:02 aptvarun