ajinabraham/nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
repo name | ajinabraham/nodejsscan |
repo link | https://github.com/ajinabraham/nodejsscan |
homepage | https://opensecurity.in |
language | CSS |
size (curr.) | 5467 kB |
stars (curr.) | 1401 |
created | 2015-02-27 |
license | GNU General Public License v3.0 |
nodejsscan
Static security code scanner (SAST) for Node.js applications powered by njsscan and semgrep.
e-Learning Courses & Certifications
OpSecX Node.js Security: Pentesting and Exploitation - NJS
Run nodejsscan
docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest
Setup nodejsscan locally
Install Postgres and configure SQLALCHEMY_DATABASE_URI
in nodejsscan/settings.py
or as environment variable.
From version 4 onwards, windows support is dropped.
git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate_db # Run once to create database entries
To run nodejsscan
./run.sh
This will run nodejsscan web user interface at http://127.0.0.1:9090
Command Line Interface(CLI) and Python API
- CLI: https://github.com/ajinabraham/njsscan#command-line-options
- API: https://github.com/ajinabraham/njsscan#python-api
Integrations
Slack Alerts
Create your slack app Slack App and set SLACK_WEBHOOK_URL
in nodejsscan/settings.py
or as environment variable.
Email Alerts
Configure SMTP settings in nodejsscan/settings.py
or as environment variable.
CI/CD or DevSecOps
- Github Action: https://github.com/ajinabraham/njsscan#github-action
- Gitlab CI/CD: https://github.com/ajinabraham/njsscan#gitlab-cicd
- Travis CI: https://github.com/ajinabraham/njsscan#travis-ci
Build Docker image
docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan
- CLI Docker Image: https://github.com/ajinabraham/njsscan#build-locally
nodejsscan screenshots