June 9, 2020

210 words 1 min read

ajinabraham/nodejsscan

ajinabraham/nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

repo name ajinabraham/nodejsscan
repo link https://github.com/ajinabraham/nodejsscan
homepage https://opensecurity.in
language CSS
size (curr.) 5467 kB
stars (curr.) 1401
created 2015-02-27
license GNU General Public License v3.0

nodejsscan nodejsscan icon

Static security code scanner (SAST) for Node.js applications powered by njsscan and semgrep.

Made with Love in India Tweet

platform License python

Language grade: Python Requirements Status Build

e-Learning Courses & Certifications

OpSecX Video Course OpSecX Node.js Security: Pentesting and Exploitation - NJS

Run nodejsscan

docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Try nodejsscan online: Try in PWD

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as environment variable.

From version 4 onwards, windows support is dropped.

git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate_db # Run once to create database entries

To run nodejsscan

./run.sh

This will run nodejsscan web user interface at http://127.0.0.1:9090

Command Line Interface(CLI) and Python API

njsscan_cli

Integrations

Slack Alerts

Create your slack app Slack App and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as environment variable.

nodejsscan slack alert

Email Alerts

Configure SMTP settings in nodejsscan/settings.py or as environment variable.

CI/CD or DevSecOps

Build Docker image

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

nodejsscan screenshots

nodejsscan web ui nodejsscan dashboard nodejsscan charts nodejsscan overview nodejsscan findings

comments powered by Disqus