Node.jsScan: A semantic aware static code analysis tool for Node.js applications
source link: https://github.com/ajinabraham/nodejsscan
nodejsscan
Static security code scanner (SAST) for Node.js applications powered by njsscan and semgrep.
Made with in India
e-Learning Courses & Certifications
OpSecX Node.js Security: Pentesting and Exploitation - NJS
Run nodejsscan
docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest
Try nodejsscan online:
Setup nodejsscan locally
Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as an environment variable.
From version 4 onwards, Windows support is dropped.
git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate_db # Run once to create database entries
To run nodejsscan
./run.sh
This will run the nodejsscan web user interface at http://127.0.0.1:9090
Command Line Interface (CLI) and Python API
- CLI: https://github.com/ajinabraham/njsscan#command-line-options
- API: https://github.com/ajinabraham/njsscan#python-api
Integrations
Slack Alerts
Create your Slack app and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as an environment variable.
Email Alerts
Configure SMTP settings in nodejsscan/settings.py or as environment variables.
GitHub Action
- nodejsscan action: https://github.com/ajinabraham/njsscan#github-action
Build Docker image
docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan
- CLI Docker Image: https://github.com/ajinabraham/njsscan#build-locally