Works with Semgrep Pro Engine
Semgrep Pro rules are written to minimize false positives so findings can be presented to developers in their workflows, avoiding lengthy triage sessions.
Pro rules provide high-confidence results by leveraging cross-file and cross-function dataflow analysis.
High confidence rules use features like taint tracking with sources, sinks, propagators, and sanitizers curated by our Security Research team.
Rules for popular languages and frameworks:
Find injection vulnerabilities
Discover malicious deserialization mechanisms
60+ rules supporting 14 Python libraries/frameworks and 3 commonly used Java libraries, either standalone or in combination with Java Servlets and the Spring Framework. See rules for deserialization
Detect XXE vulnerabilities
Detect XML external entity issues with support for common Java libraries and classes, to identify the many different ways they can be insecurely configured and used. Learn more about Java XML security
Rules are continuously updated by our Security Research team based on rule performance and user feedback.
Pro rule coverage for languages is continuously expanded by our Security Research team.
Rule syntax is intuitive and similar to source code so there's no need to learn new domain-specific languages to make tweaks.
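To illustrate the taint-tracking features mentioned above (sources, sinks, propagators, and sanitizers) and the code-like rule syntax, here is an added example of a Semgrep taint-mode rule. It is not one of the Pro rules described on this page; the rule id and message are made up for illustration, and it targets a hypothetical Flask handler that passes a request parameter into `subprocess.run`.

```yaml
rules:
  - id: example-flask-param-to-subprocess   # hypothetical rule id, not a Pro rule
    mode: taint
    languages: [python]
    severity: ERROR
    message: >-
      Request-controlled data reaches subprocess.run; quote it with
      shlex.quote or avoid building shell commands from user input.
    # Where tainted data enters: a value read from the HTTP request.
    pattern-sources:
      - pattern: flask.request.args.get(...)
    # How taint spreads through calls Semgrep would not otherwise follow:
    # appending a tainted element makes the whole list tainted.
    pattern-propagators:
      - pattern: $LIST.append($ITEM)
        from: $ITEM
        to: $LIST
    # What cleans the data: shell-quoting the argument removes the taint.
    pattern-sanitizers:
      - pattern: shlex.quote(...)
    # Where tainted data must not arrive: the command argument of subprocess.run.
    pattern-sinks:
      - patterns:
          - pattern: subprocess.run($CMD, ...)
          - focus-metavariable: $CMD
```

Because the rule is in taint mode, it reports only when a source value reaches the sink without passing through a sanitizer, which is what keeps findings high-confidence: a handler that calls `shlex.quote` on the parameter before the `subprocess.run` call produces no finding, while one that appends the raw parameter to an argument list does.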
Get a top-down view of fix and ignore rates to optimize rule policies and behaviors (monitor, comment, or block).
Learn more on the Semgrep blog