{"id":19123438,"url":"https://github.com/astteam/semgrep","last_synced_at":"2025-02-22T13:36:50.976Z","repository":{"id":79219583,"uuid":"471311403","full_name":"ASTTeam/Semgrep","owner":"ASTTeam","description":"《深入理解Semgrep》Finding vulnerabilities with Semgrep.","archived":false,"fork":false,"pushed_at":"2023-07-20T11:59:00.000Z","size":3702,"stargazers_count":43,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-03T08:47:35.096Z","etag":null,"topics":["0e0w","codeql","semgrep"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ASTTeam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-18T09:42:51.000Z","updated_at":"2024-12-24T02:18:49.000Z","dependencies_parsed_at":"2024-11-09T05:35:53.290Z","dependency_job_id":null,"html_url":"https://github.com/ASTTeam/Semgrep","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FSemgrep","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FSemgrep/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FSemgrep/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FSemgrep/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ASTTeam","download_url":"https://codeload.github.com/ASTTeam/Semgrep/tar.gz/refs/heads/main","host":{"name
":"GitHub","url":"https://github.com","kind":"github","repositories_count":240181542,"owners_count":19761084,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0e0w","codeql","semgrep"],"created_at":"2024-11-09T05:25:39.167Z","updated_at":"2025-02-22T13:36:50.948Z","avatar_url":"https://github.com/ASTTeam.png","language":null,"readme":"# Understanding Semgrep in Depth\n\nThis project collects and organizes Semgrep-related material, including Semgrep's design principles and implementation, and cases of vulnerability discovery using Semgrep. Semgrep's semantics-based approach to code analysis will be a powerful weapon in the SAST field, and fast scanning without compilation is a further advantage. Author: [0e0w](https://github.com/0e0w)\n\nThis project was created on March 17, 2022; the most recent update was on July 20, 2022.\n\n- [01-Semgrep Resources](https://github.com/ASTTeam/Semgrep#01-Semgrep%E8%B5%84%E6%BA%90)\n- [02-Semgrep Basics](https://github.com/ASTTeam/Semgrep#02-Semgrep%E5%9F%BA%E7%A1%80)\n- [03-Semgrep Language](https://github.com/ASTTeam/Semgrep#03-Semgrep%E8%AF%AD%E8%A8%80)\n- [04-Semgrep Advanced](https://github.com/ASTTeam/Semgrep#04-Semgrep%E8%BF%9B%E9%98%B6)\n- [05-Semgrep Case Studies](https://github.com/ASTTeam/Semgrep#05-Semgrep%E6%A1%88%E4%BE%8B)\n- [06-Semgrep References](https://github.com/ASTTeam/Semgrep#06-Semgrep%E5%8F%82%E8%80%83)\n\n## 01-Semgrep Resources\n\nThis chapter collects Semgrep-related resources. The quality of the articles varies, so studying the official resources in depth is recommended!\n\nI. Official resources\n- [ ] https://semgrep.dev/docs\n- [ ] https://semgrep.dev/learn\n- [ ] https://github.com/returntocorp/semgrep\n- [ ] https://github.com/returntocorp/semgrep-rules\n- [ ] https://github.com/returntocorp/semgrep-docs\n- [ ] https://github.com/returntocorp/semgrep-action\n\nII. Notable resources\n- [x] [Understanding Semgrep in Depth](https://github.com/ASTTeam/Semgrep)@0e0w\n- [ ] https://github.com/tuannq2299/semgrep-rules\n\nIII. Video resources\n\nIV. Academic publications\n\nV. Other resources\n- [x] https://xz.aliyun.com/t/9531\n- [ ] 
https://xz.aliyun.com/t/12696\n- [x] https://www.anquanke.com/post/id/240028\n- [ ] https://zhuanlan.zhihu.com/p/377651159\n- [ ] https://zhuanlan.zhihu.com/p/387246394\n- [ ] https://www.freebuf.com/articles/web/286643.html\n- [ ] https://github.com/trailofbits/semgrep-rules\n- [ ] https://github.com/returntocorp/ocaml-tree-sitter-semgrep\n- [ ] https://github.com/returntocorp/semgrep-vscode\n- [ ] https://github.com/frappe/semgrep-rules\n- [ ] https://github.com/semgrep/rules-owasp-asvs\n- [ ] https://github.com/jtmelton/semgrep-idea-plugin\n- [ ] https://github.com/dgryski/semgrep-go\n- [ ] https://github.com/vmnguyen/semgrep-rules\n- [ ] https://github.com/returntocorp/semgrepl\n- [ ] https://github.com/returntocorp/semgrep-c-sharp\n- [ ] https://github.com/returntocorp/semgrep-grammars\n- [ ] https://github.com/srijan-deepsource/django-antipatterns\n- [ ] https://github.com/quasilyte/go-ruleguard\n- [ ] https://github.com/returntocorp/semgrep-rust\n- [ ] https://github.com/returntocorp/semgrep-rules-test-action\n- [ ] https://github.com/returntocorp/semgrep.vim\n- [ ] https://github.com/kondukto-io/semgrep-rules\n- [ ] https://github.com/semgrep/template-rules\n- [ ] https://github.com/returntocorp/semgrep-ocaml\n- [ ] https://github.com/Ayrx/semgrep_introduction\n- [ ] https://github.com/g-wilson/action-semgrep\n- [ ] https://github.com/ajinabraham/libsast\n- [ ] https://github.com/brentjanderson/asdf-semgrep\n- [ ] https://github.com/returntocorp/semgrep-hack\n- [ ] https://github.com/ligurio/semgrep-rules\n- [ ] https://github.com/agigleux-limited/semgrep-evaluation\n- [ ] https://github.com/jrgventura7/SemgrepDemo\n- [ ] https://github.com/imfht/my-semgrep-rules\n- [ ] https://github.com/hsparmar1/semgrep-jdbc-demo\n- [ ] https://github.com/minusworld/semgrep-library\n- [ ] https://github.com/guyinatuxedo/semgrep\n- [ ] https://github.com/dsocastillo/semgreptest\n- [ ] https://github.com/returntocorp/semgrep-java\n- [ ] 
https://github.com/majidmc2/SecSnake\n- [ ] https://github.com/returntocorp/semgrep-go\n- [ ] https://github.com/wahyuhadi/semgrep-integrator\n- [ ] https://github.com/0xdea/semgrep-rules\n- [ ] https://github.com/pingvin1341/semgrep-pipeline\n- [ ] https://github.com/gabrielg/codeclimate-semgrep\n- [ ] https://github.com/devidwfreitas/intro-to-semgrep\n- [ ] https://github.com/allwin101/intro-to-semgrep\n- [ ] https://github.com/007divyachawla/intro-to-semgrep\n- [ ] https://github.com/MarceloSFlori/intro-to-semgrep\n- [ ] https://github.com/tezamukkavilli-cpi/intro-to-semgrep\n- [ ] https://github.com/ymmatheus/intro-to-semgrep\n- [ ] https://github.com/phani-gadupudi/intro-to-semgrep\n- [ ] https://github.com/hsparmar1/semgrep-java-owasp\n\n## 02-Semgrep Basics\n\nThis chapter introduces Semgrep's basic usage, design approach and implementation principles!\n\nI. Installing Semgrep\n\nII. Using Semgrep\n## 03-Semgrep Rules\n\nThis chapter introduces the syntax rules of the QL language, including notable rules.\n\nI. Basic syntax\n\nII. Writing rules\n- Java\n- C#\n- Go\n\nIII. Official rules\n\nIV. Notable rules\n## 04-Semgrep Advanced\n\nThis chapter gives examples of Semgrep scanning for different programming languages; it is still to be organized.\n\nI. Java security analysis\n\nII. C# security analysis\n\nIII. Golang security analysis\n\nIV. Python\n\nV. C++ security analysis\n\nVI. Ruby\n\nVII. Semgrep tools\n## 05-Semgrep Case Studies\n\nThis chapter presents concrete Semgrep use cases, including vulnerabilities the author found with Semgrep.\n\nI. Analysis of large applications\n- Analyzing Shiro\n  - https://www.freebuf.com/articles/web/321757.html\n- Analyzing Fastjson\n- Analyzing Log4j\n- Analyzing Dubbo\n- Analyzing kylin\n- Analyzing grafana\n- Analyzing Hadoop\n- Analyzing Struts2\n\nII. Code audit cases\n## 06-Semgrep References\n\n- https://github.com/ASTTeam/Semgrep\n\n## Stargazers\n\n[![Stargazers @ASTTeam/Semgrep](https://reporoster.com/stars/ASTTeam/Semgrep)](https://github.com/ASTTeam/Semgrep/stargazers)\n\n## Forkers\n\n[![Forkers @ASTTeam/Semgrep](https://reporoster.com/forks/ASTTeam/Semgrep)](https://github.com/ASTTeam/Semgrep/network/members)\n\n\n\n![Stargazers over 
time](https://starchart.cc/ASTTeam/Semgrep.svg)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fsemgrep","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fastteam%2Fsemgrep","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fsemgrep/lists"}