Mobile Application Security Rules

This project is a compilation of Semgrep rules for mobile applications, based on the OWASP Mobile Application Security Testing Guide (MASTG).

Semgrep is an open-source static analysis tool that identifies specific patterns in the target source code without uploading it anywhere.

Usage

cd mobile-application-security-rules
semgrep scan --config rules/ path/to/your/code

Status

The rules are implemented for both native iOS (Swift) and Android (Java, Kotlin), because they represent the majority of usage. Not all OWASP MASTG rules are covered at the moment, and some cannot be implemented.

Contributing

Contributions to this project are entirely open.

How to run tests

# all rules
semgrep scan --test --config rules tests
# a single rule
semgrep scan --test --config rules/path/to/rule.yml tests/path/to/rule.ext
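
A rule and its test file laid out the way the test commands above expect, as an added example that is not taken from this project. The rule id, both file paths and the Java sample are hypothetical and constructed for illustration.

```yaml
# rules/example/insecure-cipher-mode.yml   (hypothetical path and rule id)
rules:
  - id: example-insecure-cipher-mode
    languages: [java]
    severity: WARNING
    message: >-
      Cipher is requested in ECB mode, or by a bare algorithm name that
      providers commonly resolve to ECB. Request an authenticated mode
      such as AES/GCM/NoPadding explicitly.
    metadata:
      category: security
    patterns:
      # Matches Cipher.getInstance(...) through the import as well
      - pattern: javax.crypto.Cipher.getInstance($TRANSFORMATION, ...)
      # The regex sees the string literal with its quotes included
      - metavariable-regex:
          metavariable: $TRANSFORMATION
          regex: '^"(AES|DES|DESede)(/ECB/\w+)?"$'

# Test file at the mirrored path: tests/example/insecure-cipher-mode.java
# Each annotation comment applies to the line that follows it:
# "ruleid" lines must be reported, "ok" lines must not.
#
#   import javax.crypto.Cipher;
#
#   class CipherModes {
#       void run() throws Exception {
#           // ruleid: example-insecure-cipher-mode
#           Cipher.getInstance("AES/ECB/PKCS5Padding");
#           // ruleid: example-insecure-cipher-mode
#           Cipher.getInstance("AES");
#           // ok: example-insecure-cipher-mode
#           Cipher.getInstance("AES/GCM/NoPadding");
#       }
#   }
```

The test run fails if a `ruleid` line produces no finding or an `ok` line produces one, so each new rule should ship with at least one of each.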