ajinabraham / Nodejsscan

Licence: gpl-3.0
nodejsscan is a static security code scanner for Node.js applications.

Projects that are alternatives of or similar to Nodejsscan

sonarqube-action
Integrate SonarQube scanner to GitHub Actions
Stars: ✭ 90 (-95.2%)
Mutual labels:  static-analysis, code-review, devsecops
intercept
INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-97.12%)
Mutual labels:  static-analysis, devsecops, sast
qodana-action
⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-94.02%)
Mutual labels:  static-analysis, code-review, devsecops
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-93.17%)
Mutual labels:  static-analysis, lint, devsecops
Reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+142.32%)
Mutual labels:  static-analysis, lint, code-review
Rubocop Rspec
Code style checking for RSpec files
Stars: ✭ 603 (-67.82%)
Mutual labels:  static-analysis, lint
Cfn nag
Linting tool for CloudFormation templates
Stars: ✭ 808 (-56.88%)
Mutual labels:  static-analysis, lint
Pysonar2
PySonar2: an advanced semantic indexer for Python
Stars: ✭ 1,074 (-42.69%)
Mutual labels:  static-analysis, code-analysis
Feram
Feram finds & fixes bugs in your commits
Stars: ✭ 122 (-93.49%)
Mutual labels:  code-review, code-analysis
Salus
Security scanner coordinator
Stars: ✭ 441 (-76.47%)
Mutual labels:  static-analysis, security-scanner
Spoon
Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
Stars: ✭ 1,078 (-42.48%)
Mutual labels:  static-analysis, code-analysis
Radon
Various code metrics for Python code
Stars: ✭ 1,193 (-36.34%)
Mutual labels:  static-analysis, code-analysis
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-69.8%)
Mutual labels:  security-scanner, devsecops
Jsprime
a javascript static security analysis tool
Stars: ✭ 556 (-70.33%)
Mutual labels:  static-analysis, security-scanner
Php Language Server
PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥
Stars: ✭ 1,019 (-45.62%)
Mutual labels:  static-analysis, code-analysis
Eslint Plugin Sonarjs
SonarJS rules for ESLint
Stars: ✭ 458 (-75.56%)
Mutual labels:  static-analysis, code-analysis
Static Analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+396.8%)
Mutual labels:  static-analysis, sast
Pest
🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (-95.78%)
Mutual labels:  static-analysis, security-scanner
Ruby Saddler
Stars: ✭ 93 (-95.04%)
Mutual labels:  lint, code-review
Find Sec Bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (-6.72%)
Mutual labels:  static-analysis, code-analysis

nodejsscan

Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep.

Support nodejsscan

  • Donate via Paypal
  • Sponsor the Project: Github Sponsors

e-Learning Courses & Certifications

OpSecX Video Course: Node.js Security: Pentesting and Exploitation - NJS

Run nodejsscan

docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Try nodejsscan online: Try in PWD

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as an environment variable.

From version 4 onwards, Windows support is dropped.

git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate-db # Run once to create database schema

To run nodejsscan

./run.sh

This will run the nodejsscan web user interface at http://127.0.0.1:9090

Command Line Interface (CLI) and Python API

njsscan_cli

Presentations

Watch the video

Integrations

Slack Alerts

Create your Slack app and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as an environment variable.

Email Alerts

Configure SMTP settings in nodejsscan/settings.py or as environment variables.

CI/CD or DevSecOps

Build Docker image

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan
