
coinbase / Salus

Security scanner coordinator


Salus

Salus: Guardian of Code Safety and Security

🔍 Overview

Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide the output. Most scanners are other mature open source projects which we include directly in the container.

Salus is particularly useful for CI/CD pipelines because it becomes a centralized place to coordinate scanning across a large fleet of repositories. Typically, scanners are configured at the repository level for each project, so an org-wide change to how scanners run means updating every repository. Instead, you can update Salus and all builds inherit the change immediately.

Salus supports powerful configuration that allows for global defaults and local tweaks. Finally, Salus can report metrics on each repository, such as what packages are included or what concerns exist. These reports can be centrally evaluated in your infrastructure to allow for scalable security tracking.

Using Salus

# Navigate to the root directory of the project you want to run Salus on
cd /path/to/repo

# Run the following line while in the root directory (No edits necessary)
docker run --rm -t -v $(pwd):/home/repo coinbase/salus

Supported Scanners

  • Bandit - Execution of Bandit 1.6.2, looks for common security issues in Python code.
  • Brakeman - Execution of Brakeman 4.10.0, looks for vulnerable code in Rails projects.
  • semgrep - Execution of semgrep 0.36.0 which looks for semantic and syntactical patterns in code at the AST level.
  • BundleAudit - Execution of bundle-audit 0.7.0.1, looks for CVEs in ruby gem dependencies.
  • Gosec - Execution of gosec 2.4.0, looks for security problems in go code.
  • npm audit - Execution of npm audit 6.14.8 which looks for CVEs in node module dependencies.
  • yarn audit - Execution of yarn audit 1.22.0 which looks for CVEs in node module dependencies.
  • PatternSearch - Execution of sift 0.9.0, looks for strings that must not appear in a project (forbidden patterns, such as committed secrets) or strings that must appear (required patterns).
  • Cargo Audit - Execution of Cargo Audit 0.14.0, audits Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

Dependency Tracking

Salus also parses dependency files and reports which libraries and versions are being used. This can be useful for tracking dependencies across your fleet.

Currently supported languages are:

  • Ruby
  • Node.js
  • Python
  • Go
  • Rust
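The Overview says reports can be centrally evaluated and the section above says Salus reports which libraries and versions each repository uses. The following script is an added example of what that central evaluation can look like; it is not part of Salus. It consumes a JSON report body (as a collector receiving Salus' HTTP report would), fails the build if an enforced scanner failed or did not run at all, and checks the reported dependencies against a fleet-wide denylist. The sample report, the policy lists and the scanner name Semgrep are constructed for the example, and the report field names ("passed", "scans", "info.dependencies") are assumptions about the report shape that you should check against the report documentation for the Salus version you run.

```python
"""Central evaluator for Salus JSON reports (added example, not Salus code)."""
import json
from collections import defaultdict

# Constructed sample report. The field names used below ("passed", per-scanner
# entries under "scans", and the dependency list under "info.dependencies")
# are assumptions about the report shape; check them against the report
# documentation for the Salus version you run.
SAMPLE_REPORT = json.dumps({
    "project_name": "example-service",
    "passed": False,
    "scans": {
        "Brakeman":      {"passed": True,  "errors": []},
        "BundleAudit":   {"passed": False, "errors": []},
        "PatternSearch": {"passed": True,  "errors": []},
    },
    "info": {
        "dependencies": [
            {"type": "gem", "name": "rails", "version": "6.0.3.1",
             "dependency_file": "Gemfile.lock"},
            {"type": "gem", "name": "nokogiri", "version": "1.10.9",
             "dependency_file": "Gemfile.lock"},
            {"type": "npm", "name": "left-pad", "version": "1.3.0",
             "dependency_file": "package-lock.json"},
        ]
    },
    "errors": [],
}).encode()

# Hypothetical org-wide policy: scanners that must have run and passed, and
# packages that are banned fleet-wide regardless of version.
ENFORCED_SCANNERS = ("Brakeman", "BundleAudit", "Semgrep")
DENIED_DEPENDENCIES = {("npm", "left-pad")}


def parse_report(raw):
    """Decode a report body and reject anything not shaped like a report."""
    report = json.loads(raw)
    if not isinstance(report, dict) or not isinstance(report.get("scans"), dict):
        raise ValueError("not a Salus report")
    return report


def scanner_failures(report, enforced=ENFORCED_SCANNERS):
    """Return (scanner, reason) pairs for enforced scanners that did not pass.

    A scanner absent from "scans" counts as a failure: a report that quietly
    lacks a required scanner usually means a misconfigured pipeline, and the
    safe default is to fail closed rather than to treat silence as a pass.
    """
    failures = []
    for name in enforced:
        result = report["scans"].get(name)
        if result is None:
            failures.append((name, "did not run"))
        elif result.get("errors"):
            failures.append((name, "ran with errors"))
        elif not result.get("passed", False):
            failures.append((name, "failed"))
    return failures


def dependency_index(report):
    """Index reported dependencies as {(type, name): {versions}} across lockfiles."""
    index = defaultdict(set)
    for dep in report.get("info", {}).get("dependencies", []):
        index[(dep["type"], dep["name"])].add(dep["version"])
    return index


def denied_dependencies(report, denied=DENIED_DEPENDENCIES):
    """Return (type, name, versions) for banned packages present in the report."""
    index = dependency_index(report)
    return sorted((t, n, sorted(index[(t, n)])) for (t, n) in denied if (t, n) in index)


def evaluate(raw, enforced=ENFORCED_SCANNERS, denied=DENIED_DEPENDENCIES):
    """Central verdict for one report: (passed, reasons for the CI log)."""
    report = parse_report(raw)
    reasons = [f"{name}: {why}" for name, why in scanner_failures(report, enforced)]
    reasons += [f"denied dependency {t}:{n} ({', '.join(v)})"
                for t, n, v in denied_dependencies(report, denied)]
    # Respect Salus' own verdict as well, so a failure in a scanner enforced
    # only in the repository's own salus.yaml still blocks the build.
    if not report.get("passed", False) and not reasons:
        reasons.append("Salus reported passed=false")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok, why = evaluate(SAMPLE_REPORT)
    print("PASS" if ok else "FAIL")
    for line in why:
        print(" -", line)
```

Treating a missing enforced scanner as a failure is the deliberate design choice here: with scanners selected centrally, a report that lacks one you expect is more likely a broken pipeline than a clean repository, and the collector is the one place that can notice.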

Configuration

Salus is designed to be highly configurable so that it can work in many different types of environments and with many different scanners. It supports environment variable interpolation and cascading configurations, and can read configuration and post reports over HTTP.

Sometimes it's necessary to ignore certain CVEs, rules, tests, groups, directories, or otherwise modify the default configuration for a scanner. The docs/scanners directory explains how to do so for each scanner that Salus supports.
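A salus.yaml that exercises the options described above: a fixed set of enforced scanners, a per-repository advisory suppression, a forbidden and a required pattern for PatternSearch, and a second report destination posted over HTTP. This is an added example, not a file from the project; the key names follow the project's configuration documentation as this editor recalls it, and the CVE identifier, ticket reference and collector hostname are placeholders, so verify the keys against the docs for the Salus version you run.

```yaml
# salus.yaml at the repository root (added example; key names as recalled from
# the project's configuration docs, so verify them against your Salus version)

# Scanners that may run, and the subset whose findings fail the build.
# Salus itself skips scanners that are not relevant to the repository.
active_scanners: all
enforced_scanners:
  - Brakeman
  - BundleAudit
  - PatternSearch

scanner_configs:
  BundleAudit:
    # Suppress a reviewed advisory. Keep this list short and reference the
    # review so the suppression gets revisited; the identifier is a placeholder.
    ignore:
      - CVE-XXXX-XXXXX   # reviewed in ticket SEC-000 (placeholder)
  PatternSearch:
    matches:
      # Fail if private key material is committed anywhere in the repository.
      - regex: "-----BEGIN (RSA |EC |OPENSSH |)PRIVATE KEY-----"
        forbidden: true
        message: "Private key material must not be committed"
      # Fail unless TLS is forced somewhere in the Rails configuration.
      - regex: "config\\.force_ssl = true"
        required: true
        message: "Production must set config.force_ssl = true"

# Where results go: a local JSON file for the build artifacts and a central
# collector (placeholder hostname) that evaluates reports fleet-wide.
reports:
  - uri: file://salus-report.json
    format: json
    verbose: true
  - uri: https://salus-collector.example.internal/reports
    format: json
```

To layer this repository file on top of an org-wide default, Salus is pointed at both sources and later ones override earlier ones; as this editor recalls it, the source list is given through the SALUS_CONFIGURATION environment variable passed to the container (for example `-e SALUS_CONFIGURATION="file://org-defaults.yaml file://salus.yaml"`), which is where an org can also substitute a central HTTP URL. Confirm the variable name and URI forms in the configuration docs before relying on them.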

If you would like to build custom scanners or support languages that are not currently covered, see the documentation on building custom Salus images.

CircleCI Integration

Salus can be integrated with CircleCI by using a public Orb. All Salus configuration options are supported, and defaults are the same as for Salus itself.

Example CircleCI config.yml:

version: 2.1

orbs:
  salus: federacy/[email protected]

workflows:
  main:
    jobs:
      - salus/scan

Orb documentation

Github Actions Integration

Salus can also be used with Github Actions.

Example .github/workflows/main.yml:

on: [push]

jobs:
  salus_scan_job:
    runs-on: ubuntu-latest
    name: Salus Security Scan Example
    steps:
    - uses: actions/[email protected]
    - name: Salus Scan
      id: salus_scan
      uses: federacy/[email protected]

Github Action documentation

Using Salus in your Repo

For your CI system, update its config file to run Salus. In CircleCI, the step looks like this:

docker run --rm -t -v $(pwd):/home/repo coinbase/salus

coinbase/salus names the image, which Docker pulls on first use. For reproducible scans, pin a specific tag or digest rather than relying on the implicit latest tag.

Detailed Documentation

👷‍♂️ Development

Contribution to this project is extremely welcome and it's our sincere hope that the work we've done to this point only serves as a foundation for allowing the security/development communities as a whole to come together to improve the security of everyone's infrastructure.

You can read more about getting your development environment set up, or the architecture of Salus.

📃 License

This project is available open source under the terms of the Apache 2.0 License.
