NodeJsScan v4.8 releases: static security code scanner for Node.js applications

NodeJsScan


Static security code scanner (SAST) for Node.js applications.

Changelog v4.6

  • njsscan bump + performance upgrade.
  • Test Fix
  • Dependency updates

How to Configure

  1. Clone the repo:
    git clone https://github.com/ajinabraham/NodeJsScan.git
  2. Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py
  3. Run pip install -r requirements.txt
  4. Run python createdb.py
  5. Run python app.py

This will run NodeJsScan on http://0.0.0.0:9090. If you need to debug, set DEBUG = True in core/settings.py.

NodeJsScan CLI

The command-line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use the CLI, the results are never stored with a NodeJsScan backend.

python cli.py -d <node_js_source_code>

Learn Node.js Security: Pentesting and Exploitation

OpSecX Video Course

Docker

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

DockerHub

docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

NodeJsScan Web UI

NodeJsScan V2

Static Analysis

NodeJsScan Static Scan Results

NodeJsScan Static Scan Vulnerability Details

Copyright (C) ajinabraham

Source: https://github.com/ajinabraham/