Test Semgrep Rule Skill
Community
Test Semgrep rules against known vulnerable repos.
Software Engineering
#vulnerability #benchmark #static-analysis #semgrep #false positives #security-testing #rule-testing
Author: chrismcmacken
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This skill helps security researchers and rule authors validate Semgrep rules against known vulnerable repositories to measure true and false positive rates, enabling reliable detection and benchmarking.
Core Features & Use Cases
- Execute end-to-end rule evaluation against curated vulnerable repos.
- Compute TP/FP/Recall/Precision metrics and summarize findings.
- Use Case: Benchmark rule performance across multi-language samples and standardized test-beds.
Quick Start
Follow the workflow to test a Semgrep rule against known vulnerable apps by cloning the test repositories described in resources/test-repositories.md, configuring your rule, running semgrep --config rule.yaml target/ --json > findings.json, and examining the results with jq.
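The metrics step of this workflow, as an added example (not code from the skill or its author): it parses semgrep --json output and scores one rule against a list of known vulnerable locations. The ground-truth format, rule id and file paths are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `semgrep --json` output
# (results[].check_id / path / start.line / end.line).
SAMPLE_FINDINGS = json.dumps({
    "results": [
        {"check_id": "rules.sqli-format-string", "path": "app/views.py",
         "start": {"line": 41}, "end": {"line": 43}},
        {"check_id": "rules.sqli-format-string", "path": "app/models.py",
         "start": {"line": 10}, "end": {"line": 10}},
        {"check_id": "rules.other-rule", "path": "app/views.py",
         "start": {"line": 90}, "end": {"line": 90}},
    ],
    "errors": [],
})

# Hypothetical ground truth: (path, line) of each known vulnerable sink in the test repo.
GROUND_TRUTH = {("app/views.py", 42), ("app/api.py", 77)}


def load_findings(json_text, rule_id):
    """Return (path, start_line, end_line) spans reported by one rule."""
    report = json.loads(json_text)
    return [(r["path"], r["start"]["line"], r["end"]["line"])
            for r in report.get("results", []) if r["check_id"] == rule_id]


def score(findings, truth):
    """Classify findings against ground truth and compute precision/recall."""
    hit = set()  # ground-truth entries covered by at least one finding
    fp = 0       # findings that cover no ground-truth entry
    for path, start, end in findings:
        matched = {t for t in truth if t[0] == path and start <= t[1] <= end}
        if matched:
            hit |= matched  # duplicate findings on one sink count as a single TP
        else:
            fp += 1
    tp, fn = len(hit), len(truth - hit)
    reported = tp + fp
    return {
        "tp": tp, "fp": fp, "fn": fn,
        # None rather than 0.0 when the ratio is undefined (no findings / no truth).
        "precision": tp / reported if reported else None,
        "recall": tp / len(truth) if truth else None,
    }


if __name__ == "__main__":
    print(score(load_findings(SAMPLE_FINDINGS, "rules.sqli-format-string"), GROUND_TRUTH))
```

Filtering on check_id keeps findings from other rules in the same run out of the rule's false-positive count.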
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: Test Semgrep Rule Skill
Download link: https://github.com/chrismcmacken/bounty-hunter/archive/main.zip#test-semgrep-rule-skill
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.