
semgrep-rule-creator

Build production-quality custom Semgrep rules for security vulnerability detection and code pattern enforcement using a strict test-driven development workflow.

Introduction

The semgrep-rule-creator skill is a specialized tool for security engineers and developers who need to extend their static analysis coverage. It provides a robust, test-driven framework for authoring custom Semgrep rules that identify vulnerabilities, bug patterns, and coding standard violations. By enforcing a strict iterative process, the skill ensures that every generated rule is verified against both vulnerable and safe code samples, which prevents common pitfalls such as high false-positive rates and overly broad pattern matching. With it, users can move beyond generic static analysis and create highly specific detections tailored to their own codebase.

  • Employs a mandatory test-first development approach, requiring 100% test pass rates before rule deployment.

  • Prioritizes taint analysis for high-precision detection of data-flow vulnerabilities where user-controlled input reaches dangerous sinks.

  • Facilitates AST (Abstract Syntax Tree) analysis to ensure patterns are resilient to syntactic variations and edge cases.

  • Encourages iterative refinement by analyzing safe cases to eliminate false positives and verifying vulnerable cases to ensure coverage.

  • Enforces structured output, mandating that each rule is documented, tested, and contained in its own isolated directory structure.

  • Use for developing custom security rules, enforcing internal library usage patterns, and detecting legacy bug classes.

  • Inputs typically include target code snippets or documentation regarding specific vulnerabilities, while outputs are structured YAML rule files and accompanying test cases.

  • Requires running `semgrep --test` on every rule; the skill guards against anti-patterns such as matching overly broad patterns or skipping safe-case validation.

  • Note that this skill is not for running existing rulesets; use the static-analysis skill for general scans. Users should read the provided documentation and follow the workflow checklist to maintain consistency and quality across all authored rules.
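The per-rule directory, companion test file and `semgrep --test` run that the workflow above describes, as an added example (not code from the skill or its repository); the rule id, the Flask-to-sqlite source/sink choice and the sample snippets are constructed assumptions:

```shell
#!/bin/sh
# Added example, not part of the skill's own code: one directory per rule holding
# the YAML rule and a same-named test file, then verified with `semgrep --test`.
# Rule id, source/sink choice and the sample snippets are constructed here.
set -eu

write_rule_bundle() {
  dir="$1/py-sqlite-string-concat"
  mkdir -p "$dir"
  # Taint rule: Flask request parameters are sources, the SQL string handed to
  # execute() is the sink. Only the first argument ($QUERY) is a sink, so a
  # parametrised call with the tainted value in the bind tuple is not flagged.
  cat > "$dir/py-sqlite-string-concat.yaml" <<'EOF'
rules:
  - id: py-sqlite-string-concat
    mode: taint
    languages: [python]
    severity: ERROR
    message: User input from flask.request reaches a sqlite execute() call
    pattern-sources:
      - pattern: flask.request.args.get(...)
    pattern-sinks:
      - patterns:
          - pattern-inside: $CUR.execute($QUERY, ...)
          - pattern: $QUERY
EOF
  # Test file: `# ruleid:` marks lines that must match, `# ok:` lines that must not.
  cat > "$dir/py-sqlite-string-concat.py" <<'EOF'
import flask

def lookup(cur):
    name = flask.request.args.get("name")
    # ruleid: py-sqlite-string-concat
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    # ok: py-sqlite-string-concat
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
EOF
  printf '%s\n' "$dir"
}

# Run the rule's tests; skip gracefully if semgrep is not installed.
run_rule_tests() {
  if command -v semgrep >/dev/null 2>&1; then
    semgrep --test "$1"
  else
    echo "semgrep not installed; bundle written to $1" >&2
  fi
}

bundle=$(write_rule_bundle "${1:-./rules}")
run_rule_tests "$bundle"
```

`semgrep --test` pairs each rule file with the target file of the same base name, so both the vulnerable and the safe case must be annotated before the rule is considered done.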

Repository Stats

  • Stars: 4,872

  • Forks: 424

  • Open Issues: 21

  • Language: Python

  • Default Branch: main

  • Last Synced: Apr 29, 2026, 01:43 AM