gitlab gitlab-org/security-products/analyzers/semgrep v4.10.1

5 months ago
  • Update sast-rules version 2.0.8 (!356)
    • Fix OWASP Top 10 category references and typos in multiple rules
    • Update the existing rule rules/lgpl/javascript/database/rule-node_sqli_injection.yml to add support for Sequelize, optimize existing patterns and cover more SQL cases
    • Update go/sql/rule-concat-sqli.yml to cover more cases and merge it with go/sql/rule-format-string-sqli.yml
    • Update go/injection/rule-ssrf.yml to remove false positives
    • Update python/exec/rule-subprocess-popen-shell-true.yml to remove false positives
    • Update python/sql/rule-hardcoded-sql-expression.yml to remove false positives
    • Update java/inject/rule-LDAPInjection.yml to remove false positives
    • Update java/script/rule-SpelExpressionParser.yml to also match parseRaw() injections
    • Update java/strings/rule-ModifyAfterValidation.yml to match replaceAll, replaceFirst & concat as possible sinks
    • Rename java/script/rule-SpelExpressionParser.yml to rule-SpringSpelExpressionParser.yml to avoid naming collision
    • Update java/cors/rule-PermissiveCORSInjection.yml with additional sinks
    • Update java/crypto/rule-RsaNoPadding.yml to eliminate NoPadding false positives when RSA is not being used
    • Update go/filesystem/rule-filereadtaint.yml to detect more cases
