scanmycode-ce: code analysis & automation platform

Scanmycode CE (Community Edition)

Scanmycode is based on QuantifedCode. QuantifiedCode is a code analysis & automation platform. It helps you to keep track of issues and metrics in your software projects and can be easily extended to support new types of analyses. The application consists of several parts:

• A frontend realized as a React.js app
• A backend realized as a Flask app, that exposes a REST API consumed by the frontend
• A background worker, realized using Celery, that performs the code analysis

Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source, and Proprietary Checks (total ca. 1000 checks)

Advantages:

• Many tools, one report (unification)
• Dismiss, collaborate on findings. Mark false-positives
• Enable/disable each individual check-in Checkers
• ca. 1000 checks now (Linters, Static Code Analysis/Code Scanning)
• any tool outputting JSON can be added
• fast (checks only new code on recheck)
• Git support (HTTPS/TLS and SSH). For private repositories only SSH.
• all REST API callable (CI/CD integrateable)
• Swiss army knife tool/SIEM for Code Scanning
• 100% Code transparency & full control of your code

Cloud version and more at https://www.scanmycode.today

Under the hood

Progpilot, PMD, Bandit, Brakeman, Gosec, confused, semgrep, trufflehog3, jshint, log4shell via custom semgrep rule and other(s). Some were modified.

Install & Use

Copyright 2017 – QuantifiedCode UG (haftungsbeschränkt)