semgrep limitations note

2025-04-19 15:11:38 +02:00 · 2022-01-19 11:19:55 +01:00 · 2022-01-19 11:19:55 +01:00 · e097b03fa0
commit e097b03fa0
parent ffc134b767
1 changed files with 2 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -147,6 +147,8 @@ Static code review tools working with source code and looking for known patterns
 | **SonarQube community** | [https://github.com/SonarSource/sonarqube](https://github.com/SonarSource/sonarqube) | Detect security issues in code review with Static Application Security Testing (SAST) |![SonarQube](https://img.shields.io/github/stars/SonarSource/sonarqube?style=for-the-badge) | 
 | **gosec** | [https://github.com/securego/gosec](https://github.com/securego/gosec) | Inspects source code for security problems by scanning the Go AST. |![SonarQube](https://img.shields.io/github/stars/securego/gosec?style=for-the-badge) | 
 **Note:** Semgrep is free CLI tool, however some rulesets (https://semgrep.dev/r) are having various licences, some can be free to use and can be commercial.  
 OWASP curated list of SAST tools : https://owasp.org/www-community/Source_Code_Analysis_Tools 
 ## DAST