Skip to content

scanoss/open-crypto-rules

SCANOSS Open Crypto Rules

License: GPL v3 Tests

Open source Semgrep / OpenGrep rules for detecting cryptographic usage in source code.

These rules statically inventory where cryptography is used across a codebase — algorithms, hashes, MACs, key material, certificates, and protocols — and attach structured metadata to each finding. The metadata is designed to feed downstream tooling such as a Cryptographic Bill of Materials (CBOM).

The rules surface evidence; they do not enforce policy. Whether a given algorithm or configuration is acceptable is left to the systems and people consuming the findings.

What's here

Path Description
semgrep-rules/ The detection rules, organized as <language>/<library>/...
tests/ Python + OpenGrep test framework and self-describing fixtures
TESTING.md Full guide to writing and running tests
Dockerfile.test Reproducible test environment
Makefile Common test commands

Quick start

Prerequisites

  • Python 3.9+
  • OpenGrep (or Semgrep) >= 1.12.1 — required for taint analysis
pip install semgrep        # provides the opengrep-compatible engine
opengrep --version         # should be >= 1.12.1

Run a scan

Point the engine at the rules and your code:

opengrep --config semgrep-rules/ --taint-intrafile path/to/your/code

Run the tests

make test            # run all tests
make test-parallel   # run across all CPU cores
make test-quick      # fast subset

Or in a container, with no local Python/OpenGrep setup:

make docker-test

See TESTING.md for the complete testing guide.

Coverage

Rules are grouped by language and library under semgrep-rules/. Each rule file is paired with self-describing test fixtures under tests/integration/fixtures/ that document and verify the expected detections.

Contributing

Contributions are welcome — new rules, additional fixtures, and improvements to the test framework. Please read CONTRIBUTING.md and our Code of Conduct before opening a pull request.

Security

To report a security issue, please follow the process in SECURITY.md.

License

This project is licensed under the GNU General Public License v3.0. See LICENSE for the full text.


Maintained by SCANOSS.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors