NodejsScan是用于Node.js应用程序的静态安全代码扫描程序

NodeJsScan是用于Node.js应用程序的静态安全代码扫描程序

Static security code scanner (SAST) for Node.js applications powered by njsscan and semgrep.

e-Learning Courses & Certifications

Run nodejsscan

docker pull opensecurity/nodejsscan:latestdocker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as environment variable.

From version 4 onwards, windows support is dropped.

git clone https://github.com/ajinabraham/nodejsscan.gitcd nodejsscanpython3 -m venv venvsource venv/bin/activatepip install -r requirements.txtpython3 manage.py recreate_db # Run once to create database entries

To run nodejsscan

./run.sh

This will run nodejsscan web user interface at http://127.0.0.1:9090

Command Line Interface(CLI) and Python API

CLI: https://github.com/ajinabraham/njsscan#command-line-optionsAPI: https://github.com/ajinabraham/njsscan#python-api

Integrations

Slack Alerts

Create your slack app Slack App and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as environment variable.

Email Alerts

Configure SMTP settings in nodejsscan/settings.py or as environment variable.

CI/CD or DevSecOps

Github Action: https://github.com/ajinabraham/njsscan#github-actionGitlab CI/CD: https://github.com/ajinabraham/njsscan#gitlab-cicdTravis CI: https://github.com/ajinabraham/njsscan#travis-ci

Build Docker image

docker build -t nodejsscan .docker run -it -p 9090:9090 nodejsscan

CLI Docker Image: https://github.com/ajinabraham/njsscan#build-locally

nodejsscan screenshots

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。