A collection of Semgrep rules inspired by the OWASP MASTG, specifically for mobile applications

insideapp-oss/mobile-application-security-rules

Mobile Application Security Rules

This project is a compilation of Semgrep rules based on the OWASP Mobile Application Security Testing Guide (MASTG) for mobile applications.

Semgrep is an open-source static analysis tool that identifies specific patterns in the target source code, without uploading it anywhere.

Usage

cd mobile-application-security-rules
semgrep scan --config rules/ path/to/your/code

Status

The rules are implemented for both native iOS (Swift) and Android (Java, Kotlin), because these represent the majority of usage. Not all OWASP MASTG rules are covered at the moment, and some cannot be implemented.

Contributing

This project is fully open to contributions.

How to run tests

# globally
semgrep scan --test --config rules tests
# atomically
semgrep scan --test --config rules/path/to/rule.yml tests/path/to/rule.ext
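
What a rule and its paired test file can look like for the commands above, as an added example that is not taken from this repository. The rule id, file paths and Java snippet are hypothetical; the rule flags Android files or preferences opened with a world-accessible mode.

```yaml
# Hypothetical rule file: rules/example/android-world-readable.yml
# (illustration only; not one of this repository's rules)
rules:
  - id: android-world-readable
    languages: [java]
    severity: WARNING
    message: >-
      File or SharedPreferences opened with MODE_WORLD_READABLE or
      MODE_WORLD_WRITEABLE; other apps on the device can access the data.
      Use Context.MODE_PRIVATE instead.
    metadata:
      category: security
      technology: [android]
    patterns:
      # Match either storage API, whatever the receiver and file name are.
      - pattern-either:
          - pattern: $CTX.openFileOutput($NAME, $MODE)
          - pattern: $CTX.getSharedPreferences($NAME, $MODE)
      # Keep the match only if the mode argument mentions a world-accessible
      # flag, including combinations such as MODE_APPEND | MODE_WORLD_READABLE.
      - metavariable-regex:
          metavariable: $MODE
          regex: .*MODE_WORLD_(READABLE|WRITEABLE).*

# Hypothetical test file: tests/example/android-world-readable.java
# (same base name as the rule file; constructed sample code)
#
#   import android.content.Context;
#
#   class Storage {
#     void save(Context ctx) throws Exception {
#       // ruleid: android-world-readable
#       ctx.openFileOutput("notes.txt", Context.MODE_WORLD_READABLE);
#
#       // ruleid: android-world-readable
#       ctx.getSharedPreferences("prefs", Context.MODE_WORLD_WRITEABLE);
#
#       // ok: android-world-readable
#       ctx.openFileOutput("notes.txt", Context.MODE_PRIVATE);
#     }
#   }
```

In the test file, a `ruleid:` comment marks the next line as one the rule must flag and an `ok:` comment marks a line it must not flag; `semgrep scan --test` fails when the findings disagree with these annotations.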
