NodeJsScan

Static security code scanner (SAST) for Node.js applications.

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

How to Configure

  1. Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py
  2. Run pip install -r requirements.txt
  3. Run python createdb.py
  4. Run python app.py

This will run NodeJsScan on http://0.0.0.0:9090. Because 0.0.0.0 binds every network interface, the web UI (and the scan results it stores in Postgres) is reachable from any host that can reach the machine, so keep it behind a firewall or on a private network. If you need to debug, set DEBUG = True in core/settings.py, and turn it off again before exposing the service: a debug-mode web server discloses internals to anyone who can reach it.

NodeJsScan CLI

The command line interface (CLI) lets you integrate NodeJsScan with DevSecOps CI/CD pipelines. Results are emitted in JSON format. When you use the CLI, results are never stored in the NodeJsScan backend.

python cli.py -d <node_js_source_code>
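As an added example (not part of NodeJsScan itself), the script below shows one way to turn that command into a pipeline gate: it runs cli.py, parses the JSON report from stdout, lists each finding as file:line plus rule, and exits non-zero when the number of findings exceeds a threshold. The report layout it expects (a top-level "sec_issues" object mapping a rule title to a list of finding dicts with "filename" and "line"), the script name nodejsscan_gate.py, and the positional threshold argument are assumptions; check the key names against the output of your NodeJsScan version before relying on it.

```python
"""CI gate around the NodeJsScan CLI (added example, not NodeJsScan's own code).

Runs `python cli.py -d <source_dir>`, parses the JSON report from stdout and
fails the pipeline when the number of findings exceeds a threshold. The report
layout used here (a top-level "sec_issues" object mapping a rule title to a
list of finding dicts with "filename" and "line") is an ASSUMPTION, not taken
from the NodeJsScan documentation; adjust the key names if your version differs.
"""
import json
import subprocess
import sys

# Constructed sample report in the assumed layout; lets the gate logic be
# exercised offline without a NodeJsScan checkout.
SAMPLE_REPORT = {
    "sec_issues": {
        "Insecure use of eval": [
            {"title": "Insecure use of eval", "filename": "app.js", "line": 42},
        ],
        "Missing security headers": [
            {"title": "Missing security headers", "filename": "server.js", "line": 7},
            {"title": "Missing security headers", "filename": "admin.js", "line": 19},
        ],
    },
}


def run_scan(source_dir, cli_path="cli.py"):
    """Invoke the NodeJsScan CLI on source_dir and return the parsed report.

    Assumes cli.py writes the JSON document to stdout; raises if the scanner
    exits non-zero or prints something that is not JSON.
    """
    proc = subprocess.run(
        [sys.executable, cli_path, "-d", source_dir],
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout)


def iter_findings(report, key="sec_issues"):
    """Yield (rule, finding) for every individual finding in the report."""
    groups = report.get(key) or {}
    for rule, findings in groups.items():
        for finding in findings:
            yield rule, finding


def count_findings(report, key="sec_issues"):
    """Number of individual findings (not the number of distinct rules)."""
    return sum(1 for _ in iter_findings(report, key))


def format_findings(report, key="sec_issues"):
    """One 'file:line  rule' line per finding, sorted for stable CI logs."""
    lines = [
        f"{f.get('filename', '?')}:{f.get('line', '?')}  {rule}"
        for rule, f in iter_findings(report, key)
    ]
    return sorted(lines)


def gate(report, max_findings=0, key="sec_issues"):
    """Process exit code: 0 if findings <= max_findings, otherwise 1."""
    return 0 if count_findings(report, key) <= max_findings else 1


if __name__ == "__main__":
    # usage: python nodejsscan_gate.py <node_js_source_dir> [max_findings]
    src = sys.argv[1] if len(sys.argv) > 1 else "."
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    report = run_scan(src)
    for line in format_findings(report):
        print(line)
    print(f"{count_findings(report)} finding(s), threshold {limit}")
    sys.exit(gate(report, limit))
```

Run it from the NodeJsScan checkout (so cli.py is on the path) in the pipeline step after dependency install; a non-zero exit fails the job. The threshold defaults to zero so new findings block the build, and the sorted output keeps the log diffable between runs.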

Learn Node.js Security: Pentesting and Exploitation (OpSecX video course)

Docker

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

DockerHub

docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

NodeJsScan Web UI

[Screenshots: NodeJsScan V2 web UI, static analysis scan results, and static scan vulnerability details.]