Tool: https://github.com/returntocorp/semgrep
Tool rules: https://github.com/returntocorp/semgrep-rules
semgrep: v0.100.0
semgrep-rules: Aug 8, 2022
The rules currently consist of two parts:
- semgrep-rules: the standard semgrep rules, covering c/go/java/js/ts/php/python/ruby/html/yaml, plus the language-agnostic generic rules and the contrib rules
- njsscan[https://github.com/ajinabraham/njsscan]: JavaScript security rules, published at https://semgrep.dev/p/nodejsscan
Write the rule YAML following https://semgrep.dev/docs/writing-rules/overview/, write test cases for it and run them, then upload both the test cases and the rule to the rules/custom folder.
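The full procedure above (rule YAML, test case, run the test, files under rules/custom) as an added example; it is not code from this repository or from the semgrep project. The rule id custom-python-subprocess-shell-true, the rule body and the test file are constructed for illustration; the rules/custom output path follows the page, and running the tests assumes semgrep is on PATH (the files are still written when it is not).

```bash
#!/usr/bin/env bash
# Added example: scaffold one custom semgrep rule plus its test case and run
# `semgrep --test` on the directory. Rule id, pattern and test file are
# constructed for this example; rules/custom is the layout the page describes.
set -euo pipefail

RULE_ID="custom-python-subprocess-shell-true"   # hypothetical rule id
OUT_DIR="${1:-rules/custom}"                    # where rule and test go

write_rule() {
  # Rule YAML: flags subprocess.* calls using shell=True, which turn any
  # attacker-controlled argument into OS command injection (CWE-78).
  # A constant string command is excluded: nothing dynamic reaches the shell.
  mkdir -p "$OUT_DIR"
  cat > "$OUT_DIR/$RULE_ID.yaml" <<'EOF'
rules:
  - id: custom-python-subprocess-shell-true
    languages: [python]
    severity: WARNING
    message: >-
      subprocess called with shell=True; if any part of the command is
      attacker-controlled this is OS command injection. Pass an argument
      list and drop shell=True.
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
    patterns:
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)
EOF
}

write_test() {
  # Test file shares the rule's basename; `# ruleid:` marks a line the rule
  # must flag, `# ok:` marks a line it must not flag.
  cat > "$OUT_DIR/$RULE_ID.py" <<'EOF'
import subprocess


def run(cmd):
    # ruleid: custom-python-subprocess-shell-true
    subprocess.call(cmd, shell=True)
    # ruleid: custom-python-subprocess-shell-true
    subprocess.Popen("ls " + cmd, shell=True)
    # ok: custom-python-subprocess-shell-true
    subprocess.run(["ls", "-l", cmd])
    # ok: custom-python-subprocess-shell-true
    subprocess.run("uptime", shell=True)
EOF
}

run_tests() {
  # semgrep --test pairs each rule with its same-named test file and exits
  # non-zero if any ruleid/ok annotation disagrees with the matches.
  if command -v semgrep >/dev/null 2>&1; then
    semgrep --test "$OUT_DIR"
  else
    echo "semgrep not found on PATH; rule and test written to $OUT_DIR" >&2
  fi
}

write_rule
write_test
run_tests
```

Once `semgrep --test rules/custom` reports the expected two matches and zero missed or unexpected ones, both files are ready to be committed under rules/custom.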