[MASTG-TOOL-0110] Add semgrep

demos/android/MASVS-CRYPTO/MASTG-DEMO-0007/MASTG-DEMO-0007.md

@@ -12,7 +12,7 @@ test: MASTG-TEST-0204
 
 ### Steps
 
-Let's run our semgrep rule against the sample code.
+Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
 {{ ../../../../rules/mastg-android-insecure-random-use.yaml }}
 

demos/android/MASVS-CRYPTO/MASTG-DEMO-0008/MASTG-DEMO-0008.md

@@ -12,7 +12,7 @@ test: MASTG-TEST-0205
 
 ### Steps
 
-Let's run our semgrep rule against the sample code.
+Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
 {{ ../../../../rules/mastg-android-non-random-use.yaml }}
 

demos/android/MASVS-STORAGE/MASTG-DEMO-0003/MASTG-DEMO-0003.md

@@ -16,7 +16,7 @@ This requires special app access called ["All files access"](https://developer.a
 
 ### Steps
 
-Let's run our semgrep rule against the reversed java code.
+Let's run our @MASTG-TOOL-0110 rule against the reversed java code.
 
 {{ ../../../../rules/mastg-android-data-unencrypted-shared-storage-no-user-interaction-apis.yml }}
 

demos/android/MASVS-STORAGE/MASTG-DEMO-0004/MASTG-DEMO-0004.md

@@ -14,7 +14,7 @@ The snippet below shows sample code that creates a file in external storage usin
 
 ### Steps
 
-Let's run our semgrep rule against the reversed java code.
+Let's run our @MASTG-TOOL-0110 rule against the reversed java code.
 
 {{ ../../../../rules/mastg-android-data-unencrypted-shared-storage-no-user-interaction-apis.yml }}
 

demos/android/MASVS-STORAGE/MASTG-DEMO-0005/MASTG-DEMO-0005.md

@@ -14,7 +14,7 @@ The snippet below shows sample code that uses the `MediaStore` API to write a fi
 
 ### Steps
 
-Let's run our semgrep rule against the sample code.
+Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
 {{ ../../../../rules/mastg-android-data-unencrypted-shared-storage-no-user-interaction-apis.yml }}
 

techniques/android/MASTG-TECH-0014.md

@@ -5,7 +5,7 @@ platform: android
 
 Static analysis is a technique used to examine and evaluate the source code of a mobile application without executing it. This method is instrumental in identifying potential security vulnerabilities, coding errors, and compliance issues. Static analysis tools can scan the entire codebase automatically, making them a valuable asset for developers and security auditors.
 
-Two good examples of static analysis tools are grep and [semgrep](https://semgrep.dev/). However, there are many other tools available, and you should choose the one that best fits your needs.
+Two good examples of static analysis tools are grep and @MASTG-TOOL-0110. However, there are many other tools available, and you should choose the one that best fits your needs.
 
 ## Example: Using grep for Manifest Analysis in Android Apps
 

tests-beta/android/MASVS-PRIVACY/MASTG-TEST-0206.md

@@ -30,4 +30,4 @@ The output should contain a network traffic sensitive data log that includes the
 
 The test case fails if you can find the sensitive data you entered in the app that is not stated in the App Store Privacy declarations.
 
-Note that this test does not provide any code locations where the sensitive data is being sent over the network. In order to identify the code locations, you can use static analysis tools like [semgrep](https://semgrep.dev/) or dynamic analysis tools like @MASTG-TOOL-0031.
+Note that this test does not provide any code locations where the sensitive data is being sent over the network. In order to identify the code locations, you can use static analysis tools like @MASTG-TOOL-0110 or dynamic analysis tools like @MASTG-TOOL-0031.

tools/generic/MASTG-TOOL-0110.md

@@ -0,0 +1,7 @@
+---
+title: semgrep
+platform: generic
+source: https://github.com/semgrep/semgrep
+---
+
+[semgrep](https://github.com/semgrep/semgrep) is a static code scanner that is able to scan Java, Kotlin and Swift.