Insider is the OSS CLI project from the Insider Application Security Team for the community. This project is a simplified version of the proprietary Static Application Security Testing (SAST) engine developed internally by us. This version of Insider is exclusively focused on covering the OWASP Top 10: it analyzes source code to find vulnerabilities right in the source, and is designed to be agile and easy to integrate into your DevOps pipeline.
We have precompiled binaries for Linux and Windows operating systems that you can find here.
But if you are (g)old school or just want to compile it yourself, you'll need at least Go version 1.13.3 and GNU Make >= 4.2.1.
After downloading / checking that your version is compatible, you just have to:

```sh
go get github.com/insidersec/insider
cd $GOPATH/src/github.com/insidersec/insider
make build
# or, for the Windows binary:
make buildWindows
```
- Have fun! 🚀
Note: the target folder should contain all the source code to be analyzed. We plan to release support for compiled binaries for iOS and Android APKs.
```
Usage of insider:
  -force
        Do not overwrite over the results folder
  -no-banner
        Skips the banner printing (Useful for CI/Docker environments)
  -no-html
        Skips the report generation in the HTML format
  -no-json
        Skips the report generation in the JSON format
  -target string
        Specify where to look for files to run the specific ruleset
  -tech string
        Specify which technology ruleset to load. (Valid values are: android, ios, csharp, javascript)
```
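As an added example (not part of the Insider project), the following POSIX sh wrapper shows how the documented flags fit together in a CI job: it validates the `-tech` value against the four rulesets listed above, fails early when the target folder does not exist, always passes `-no-banner` for clean CI logs, and lets the job pick a single report format with `-no-html` or `-no-json`. It assumes the compiled binary is on `PATH` as `insider`; the function names and the format argument are this example's own, and the target path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not the Insider project's own code.
# Builds and runs an insider command line from the flags documented in the README.

# Rulesets the README lists as valid values for -tech.
INSIDER_VALID_TECH="android ios csharp javascript"

# valid_tech TECH -> returns 0 if TECH is one of the documented rulesets.
valid_tech() {
  for t in $INSIDER_VALID_TECH; do
    [ "$1" = "$t" ] && return 0
  done
  return 1
}

# insider_cmd TECH TARGET [json|html|both]
# Prints the command line to run (default: both report formats).
# Returns 2 on a bad ruleset, a missing target folder, or an unknown format.
insider_cmd() {
  tech=$1
  target=$2
  fmt=${3:-both}

  if ! valid_tech "$tech"; then
    echo "unsupported -tech value: $tech (valid: $INSIDER_VALID_TECH)" >&2
    return 2
  fi
  if [ ! -d "$target" ]; then
    echo "target folder not found: $target" >&2
    return 2
  fi

  # -no-banner keeps CI/Docker logs free of the banner, as the README suggests.
  cmd="insider -no-banner -tech $tech -target $target"
  case $fmt in
    json) cmd="$cmd -no-html" ;;   # keep only the JSON report
    html) cmd="$cmd -no-json" ;;   # keep only the HTML report
    both) ;;                       # default: generate both reports
    *) echo "unknown report format: $fmt (use json, html or both)" >&2; return 2 ;;
  esac
  echo "$cmd"
}

# Stand-alone usage: sh run_insider.sh TECH TARGET [json|html|both]
if [ "$#" -ge 2 ]; then
  cmd=$(insider_cmd "$@") || exit $?
  echo "+ $cmd"
  $cmd
fi
```

In a pipeline you would typically call it as `sh run_insider.sh javascript ./src json` and then publish or parse the JSON report in a later stage; a wrong ruleset name or a mistyped target path fails the job before the scanner runs rather than producing an empty report.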
Your contributions and suggestions are heartily ♥ welcome. See the contribution guidelines here. Please report bugs via the issues page. See the security policy here for reporting security issues. (✿ ◕‿◕)
You can also see this same documentation in Portuguese or in Spanish.
- This work is licensed under LGPL-3.0.