What is this Python project?
Semgrep is a fast, open-source static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. It is faster than Bandit and covers almost all static analysis tools.
Semgrep analyzes code locally on your computer or in your build environment: code is never uploaded.
Its rules look like the code you already write: no abstract syntax trees, regex wrestling, or painful DSLs. You can write your own rules instead of using the rules already provided. Also, GitLab recently announced they are transitioning a majority of GitLab SAST analyzers to Semgrep!
What's the difference between this Python project and similar ones?
A faster static analysis tool than any other.
--
Anyone who agrees with this pull request could submit an Approve review to it.
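As an added illustration of the "rules look like the code you already write" point, here is a small Semgrep rule in the project's YAML rule format. It is example code written for this page, not a rule from the Semgrep registry or from this PR; the rule id, message and CWE note are my own choices. It flags any `subprocess` call made with `shell=True` whose command is not a constant string literal, which is the shape of a typical OS command injection in Python:

```yaml
# Added example rule (not from the Semgrep project or this PR).
# Flags subprocess.<func>(..., shell=True, ...) where the command is not a
# constant string literal, i.e. where user-controlled data can reach a shell.
#
# Constructed sample targets (what the rule does and does not report):
#   subprocess.run("ls -l", shell=True)                       -> not reported
#   subprocess.call("tar xf " + user_file, shell=True)        -> reported
#   subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE) -> reported
#   subprocess.run(["tar", "xf", user_file])                  -> not reported
#
# Run with:  semgrep --config subprocess-shell-true.yaml path/to/code
rules:
  - id: subprocess-shell-true-nonliteral   # hypothetical rule id
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is called with shell=True and a command that is not a
      string literal. If any part of the command is user-controlled this is an
      OS command injection. Pass the command as a list of arguments and drop
      shell=True.
    patterns:
      # $FUNC is a metavariable: matches run, call, Popen, check_output, ...
      # The surrounding "..." match any other positional or keyword arguments.
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # Exclude the case where the command is a constant string literal;
      # "..." in this position is Semgrep's wildcard for any string literal.
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
```

The rule is written as Python source with metavariables (`$FUNC`) and ellipses (`...`) standing in for the parts that may vary, which is what the PR text means by rules that look like the code itself. `patterns` is an AND of its clauses, so the `pattern-not` carves the safe literal-command case out of the broader match; running `semgrep --config` against the sample calls above reports only the two non-literal `shell=True` invocations.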