Alternatives

Semgrep Rules alternatives for AI agents.

Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.

Current skill

Semgrep Rules

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Quality 97 | Trust 91 | Stars 1.2K
#1

Pyre Check

Similarity 125 | Trust 94 | Excellent 100

Performant type-checking for Python.

7.2K stars | Jun 15, 2026 push | development | OCaml | Static Analysis
$ npx skills add facebook/pyre-check
#2

Gosec

Similarity 117 | Trust 94 | Excellent 100

Go security checker

8.9K stars | Jun 15, 2026 push | development | Go | Static Analysis
$ npx skills add securego/gosec
#3

Semgrep Rules

Similarity 117 | Trust 87 | Excellent 86

A collection of my Semgrep rules to facilitate vulnerability research.

827 stars | Jun 15, 2026 push | development | C | Static Analysis
$ npx skills add 0xdea/semgrep-rules
#4

Zizmor

Similarity 117 | Trust 94 | Excellent 100

Static analysis for GitHub Actions

5.6K stars | Jun 14, 2026 push | development | Rust | Static Analysis
$ npx skills add zizmorcore/zizmor
#5

Brakeman

Similarity 116 | Trust 90 | Excellent 100

A static analysis security vulnerability scanner for Ruby on Rails applications

7.2K stars | Jun 15, 2026 push | development | Ruby | Static Analysis
$ npx skills add presidentbeef/brakeman
#6

ApplicationInspector

Similarity 116 | Trust 92 | Excellent 98

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

4.4K stars | Feb 17, 2026 push | development | C# | Static Analysis
$ npx skills add microsoft/ApplicationInspector
#7

Find Sec Bugs

Similarity 115 | Trust 94 | Excellent 99

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)

2.4K stars | Mar 26, 2026 push | development | Java | Static Analysis
$ npx skills add find-sec-bugs/find-sec-bugs
#8

Ikos

Similarity 115 | Trust 89 | Excellent 100

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

3.2K stars | May 31, 2026 push | development | C++ | Static Analysis
$ npx skills add NASA-SW-VnV/ikos
#9

Tai E

Similarity 115 | Trust 93 | Excellent 100

An easy-to-learn/use static analysis framework for Java and Android

1.8K stars | Jun 9, 2026 push | development | Java | Static Analysis
$ npx skills add pascal-lab/Tai-e
#10

Vet

Similarity 113 | Trust 92 | Excellent 100

Protect against malicious open source packages 🤖

1.1K stars | Jun 11, 2026 push | development | Go | Static Analysis
$ npx skills add safedep/vet
#11

Kubesec

Similarity 113 | Trust 90 | Excellent 97

Security risk analysis for Kubernetes resources

1.5K stars | Jun 15, 2026 push | development | Go | Static Analysis
$ npx skills add controlplaneio/kubesec
#12

OpenSCA Cli

Similarity 113 | Trust 90 | Excellent 99

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

1.1K stars | May 15, 2026 push | development | Go | Static Analysis
$ npx skills add XmirrorSecurity/OpenSCA-cli
#13

ImHex

Similarity 112 | Trust 98 | Excellent 100

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

54K stars | Jun 12, 2026 push | development | C++ | Static Analysis
$ npx skills add WerWolv/ImHex
#14

Phasar

Similarity 112 | Trust 89 | Excellent 96

An LLVM-based static analysis framework.

1.0K stars | Jun 11, 2026 push | development | C++ | Static Analysis
$ npx skills add secure-software-engineering/phasar
#15

Ruff

Similarity 112 | Trust 95 | Excellent 100

An extremely fast Python linter and code formatter, written in Rust.

48K stars | Jun 14, 2026 push | development | Rust | Static Analysis
$ npx skills add astral-sh/ruff
#16

Shellcheck

Similarity 111 | Trust 92 | Excellent 100

ShellCheck, a static analysis tool for shell scripts

40K stars | Jun 11, 2026 push | development | Haskell | Static Analysis
$ npx skills add koalaman/shellcheck

How to choose

When should you switch?

Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Semgrep Rules if it already passes your workflow test and repository review.

Next step

Compare top candidates side by side

Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.