[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-73457":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":15,"starSnapshotCount":15,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},73457,"opengrep","opengrep\u002Fopengrep","🔎 Static code analysis engine to find security issues in code.","",null,"OCaml",2670,218,23,71,0,17,40,154,51,29.02,"GNU Lesser General Public License v2.1",false,"main",true,[],"2026-06-12 02:03:13","\u003Cbr \u002F>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fopengrep\">\n    \u003Cpicture>\n      \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"images\u002Fopengrep-github-banner.svg\">\n      \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"images\u002Fopengrep-github-banner.svg\">\n      \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fopengrep\u002Fopengrep\u002Fmain\u002Fimages\u002Fopengrep-github-banner.svg\" width=\"100%\" alt=\"Opengrep logo\"\u002F>\n    \u003C\u002Fpicture>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n### Welcome to Opengrep, a fork of Semgrep, under the LGPL 2.1 license\n\n**Opengrep is the most advanced open source SAST engine.**\n\nLet's make secure software development a shared standard. 
Opengrep provides every developer and organisation with open and advanced static code analysis.\n\nOpengrep is backed by a consortium of 10+ AppSec organisations, including: [Aikido](https:\u002F\u002Fwww.aikido.dev\u002F), [Arnica](https:\u002F\u002Fwww.arnica.io), [Amplify](https:\u002F\u002Famplify.security\u002F), [Endor Labs](https:\u002F\u002Fwww.endorlabs.com\u002F), [Jit](https:\u002F\u002Fwww.jit.io\u002F), [Kodem](https:\u002F\u002Fwww.kodemsecurity.com\u002F), [Legit](https:\u002F\u002Fwww.legitsecurity.com\u002F), [Mobb](https:\u002F\u002Fwww.mobb.ai\u002F), [Orca Security](https:\u002F\u002Forca.security\u002F), and [Phoenix Security](https:\u002F\u002Fphoenix.security\u002F). To learn more, read the manifesto at [opengrep.dev](https:\u002F\u002Fopengrep.dev\u002F).\n\n## Why Opengrep?\n\nOpengrep was created when Semgrep moved critical features behind a commercial licence. We believe advanced static analysis should remain open and accessible to all.\n\n**Key advantages:**\n- **Compatible with Semgrep rules** - your existing rules and rulesets work unchanged\n- **Standard outputs** - JSON and SARIF formats for easy integration\n- **Open governance** - contributions accepted on merit, not commercial interest\n- **Long-term assurance** - committed to open-source under LGPL 2.1\n\n## Key Improvements\n\nOpengrep has introduced significant improvements since the fork. 
Highlights include:\n\n**Superior Taint Analysis** (`--taint-intrafile`):\n- Constructor and field assignment tracking\n- Inter-method taint flow\n- Higher-order function support across 12 languages\n- Collection method tainting (map, filter, reduce, etc.)\n\nSee the [Intrafile Tainting Tutorial](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FIntrafile-tainting-tutorial) and [Higher-Order Functions Tutorial](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FHigher-order-functions-tutorial) for details.\n\n**Language Support:**\n- **Visual Basic** - not available in Semgrep CE or Pro\n- **Apex, Elixir** - not in Semgrep CE\n- **Improved**: Clojure (tainting support), PHP 8.4, C# 14\n\n**Distribution:**\n- Self-contained binaries via Nuitka (no Python required)\n- Signed releases with Cosign\n\nSee [OPENGREP.md](OPENGREP.md) for the full list of improvements since the fork.\n\n# Opengrep: Fast and Powerful Code Pattern Search\n\nOpengrep is an ultra-fast static analysis tool for searching code patterns with the power of semantic grep. Analyze large code bases at the speed of thought with intuitive pattern matching and customizable rules. 
Find and fix security vulnerabilities, fast – ship more secure code.\n\nOpengrep supports 30+ languages, including:\n\nApex · Bash · C · C++ · C# · Clojure · Dart · Dockerfile · Elixir · Go · HTML · Java · JavaScript · JSON · Jsonnet · JSX · Julia · Kotlin · Lisp · Lua · OCaml · PHP · Python · R · Ruby · Rust · Scala · Scheme · Solidity · Swift · Terraform · TSX · TypeScript · Visual Basic · XML · YAML · Generic (ERB, Jinja, etc.)\n\n## Installation\n\n### Quick Install (Recommended)\n\n#### Linux \u002F macOS\n\n```bash\ncurl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002Fopengrep\u002Fopengrep\u002Fmain\u002Finstall.sh | bash\n```\n\nOr if you've cloned the repo:\n\n```bash\n.\u002Finstall.sh\n```\n\n#### Windows (PowerShell)\n\n```powershell\nirm https:\u002F\u002Fraw.githubusercontent.com\u002Fopengrep\u002Fopengrep\u002Fmain\u002Finstall.ps1 | iex\n```\n\nOr with a specific version:\n\n```powershell\n& ([scriptblock]::Create((irm https:\u002F\u002Fraw.githubusercontent.com\u002Fopengrep\u002Fopengrep\u002Fmain\u002Finstall.ps1))) -Version v1.16.0\n```\n\n### Manual Install\n\nBinaries are available on the [releases page](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Freleases).\n\n## Getting started\n\nCreate `rules\u002Fdemo-rust-unwrap.yaml` with the following content:\n\n```yml\nrules:\n- id: unwrapped-result\n  pattern: $VAR.unwrap()\n  message: \"Unwrap detected - potential panic risk\"\n  languages: [rust]\n  severity: WARNING\n```\n\nand `code\u002Frust\u002Fmain.rs` with the following content (that contains a risky unwrap):\n\n```rust\nfn divide(a: i32, b: i32) -> Result\u003Ci32, String> {\n    if b == 0 {\n        return Err(\"Division by zero\".to_string());\n    }\n    Ok(a \u002F b)\n}\n\nfn main() {\n    let result = divide(10, 0).unwrap(); \u002F\u002F Risky unwrap!\n    println!(\"Result: {}\", result);\n}\n```\n\nYou should now have: \n\n``` shell\n.\n├── code\n│   └── rust\n│       └── main.rs\n└── rules\n    └── 
demo-rust-unwrap.yaml\n```\n\nNow run: \n\n```bash\n❯ opengrep scan -f rules code\u002Frust\n\n┌──────────────┐\n│ Opengrep CLI │\n└──────────────┘\n\n\nScanning 1 file (only git-tracked) with 1 Code rule:\n\n  CODE RULES\n  Scanning 1 file.\n\n  PROGRESS\n\n  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00\n\n\n┌────────────────┐\n│ 1 Code Finding │\n└────────────────┘\n\n    code\u002Frust\u002Fmain.rs\n    ❯❯ rules.unwrapped-result\n          Unwrap detected - potential panic risk\n\n            9┆ let result = divide(10, 0).unwrap(); \u002F\u002F Risky unwrap!\n\n\n\n┌──────────────┐\n│ Scan Summary │\n└──────────────┘\n\nRan 1 rule on 1 file: 1 finding.\n```\n\nTo obtain SARIF output: \n\n```bash\n❯ opengrep scan --sarif-output=sarif.json -f rules code\n  ...\n❯ cat sarif.json | jq\n{\n  \"version\": \"2.1.0\",\n  \"runs\": [\n    {\n      \"invocations\": [\n        {\n          \"executionSuccessful\": true,\n          \"toolExecutionNotifications\": []\n        }\n      ],\n      \"results\": [\n        {\n          \"fingerprints\": {\n            \"matchBasedId\u002Fv1\": \"a0ff5ed82149206a74ee7146b075c8cb9e79c4baf86ff4f8f1c21abea6ced504e3d33bb15a7e7dfa979230256603a379edee524cf6a5fd000bc0ab29043721d8_0\"\n          },\n          \"locations\": [\n            {\n              \"physicalLocation\": {\n                \"artifactLocation\": {\n                  \"uri\": \"code\u002Frust\u002Fmain.rs\",\n                  \"uriBaseId\": \"%SRCROOT%\"\n                },\n                \"region\": {\n                  \"endColumn\": 40,\n                  \"endLine\": 9,\n                  \"snippet\": {\n                    \"text\": \"    let result = divide(10, 0).unwrap(); \u002F\u002F Risky unwrap!\"\n                  },\n                  \"startColumn\": 18,\n                  \"startLine\": 9\n                }\n              }\n            }\n          ],\n          \"message\": {\n            \"text\": \"Unwrap detected - potential panic 
risk\"\n          },\n          \"properties\": {},\n          \"ruleId\": \"rules.unwrapped-result\"\n        }\n      ],\n      \"tool\": {\n        \"driver\": {\n          \"name\": \"Opengrep OSS\",\n          \"rules\": [\n            {\n              \"defaultConfiguration\": {\n                \"level\": \"warning\"\n              },\n              \"fullDescription\": {\n                \"text\": \"Unwrap detected - potential panic risk\"\n              },\n              \"help\": {\n                \"markdown\": \"Unwrap detected - potential panic risk\",\n                \"text\": \"Unwrap detected - potential panic risk\"\n              },\n              \"id\": \"rules.unwrapped-result\",\n              \"name\": \"rules.unwrapped-result\",\n              \"properties\": {\n                \"precision\": \"very-high\",\n                \"tags\": []\n              },\n              \"shortDescription\": {\n                \"text\": \"Opengrep Finding: rules.unwrapped-result\"\n              }\n            }\n          ],\n          \"semanticVersion\": \"1.100.0\"\n        }\n      }\n    }\n  ],\n  \"$schema\": \"https:\u002F\u002Fdocs.oasis-open.org\u002Fsarif\u002Fsarif\u002Fv2.1.0\u002Fos\u002Fschemas\u002Fsarif-schema-2.1.0.json\"\n}\n```\n\n## Documentation\n\n- [Wiki](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki) - tutorials and language guides\n- [Intrafile Tainting Tutorial](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FIntrafile-tainting-tutorial)\n- [Higher-Order Functions Tutorial](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FHigher-order-functions-tutorial)\n- [C# Support](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FSupport-for-C%23) (C# 12\u002F13\u002F14)\n- [PHP Support](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FSupport-for-Php) (PHP 7.1-8.4)\n- [Visual Basic 
Support](https:\u002F\u002Fgithub.com\u002Fopengrep\u002Fopengrep\u002Fwiki\u002FSupport-for-Visual-Basic)\n\n## Community\n\n- [X \u002F Twitter](https:\u002F\u002Fx.com\u002Fopengrep)\n- [Reddit](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fopengrep)\n- [Manifesto](https:\u002F\u002Fopengrep.dev\u002F) - why we forked\n- [Open roadmap sessions](https:\u002F\u002Flu.ma\u002Fopengrep) - join the conversation\n\n## More\n\n- [Contributing](CONTRIBUTING.md)\n- [Build instructions for developers](INSTALL.md)\n- [License (LGPL-2.1)](LICENSE)\n\n---\n\n_Opengrep is a fork of Semgrep v1.100.0, created by Semgrep Inc. Opengrep is not affiliated with or endorsed by Semgrep Inc._\n","Opengrep is a static code analysis engine for finding security issues in code. It supports multiple programming languages and provides advanced taint analysis, including constructor and field assignment tracking, inter-method taint flow, and higher-order function support. In addition, Opengrep is compatible with Semgrep rulesets and outputs standard JSON and SARIF formats for easy integration. The project is licensed under LGPL 2.1, ensuring a long-term open-source commitment. It is suited to individual developers and organisations that need to audit code and improve the security of software development.",2,"2026-06-11 03:45:38","high_star"]