Semgrep

Pricing type: Free
Categories: Security
Static analysis at ludicrous speed.

Description

Semgrep is a highly configurable SAST tool that looks for recurring patterns in the syntax tree. It can either run locally using Docker or be integrated into the CI/CD pipeline with GitHub Actions. Results are delivered as JSON files, so you can pipe them into other tools, such as jq, to manipulate them.

More Resources & Tools in Security

Use Docker and Docker Compose to test and find blind cross-site scripting vulnerabilities.

Analyze webpack production bundle

A CLI tool that helps you avoid undefined user behaviour by validating your API specifications.