nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

1931
307
CSS

nodejsscan nodejsscan icon

Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep.

Made with Love in India Tweet

platform
License
python
Tests

Support nodejsscan

  • Donate via Paypal: Donate via Paypal
  • Sponsor the Project: Github Sponsors

e-Learning Courses & Certifications

OpSecX Video Course OpSecX Node.js Security: Pentesting and Exploitation - NJS

Run nodejsscan

docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as environment variable.

From version 4 onwards, windows support is dropped.

git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate-db # Run once to create database schema

To run nodejsscan

./run.sh

This will run nodejsscan web user interface at http://127.0.0.1:9090

Command Line Interface(CLI) and Python API

njsscan_cli

Presentations

Watch the video

Integrations

Slack Alerts

Create your slack app Slack App and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as environment variable.

nodejsscan slack alert

Email Alerts

Configure SMTP settings in nodejsscan/settings.py or as environment variable.

CI/CD or DevSecOps

Build Docker image

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

nodejsscan screenshots

nodejsscan web ui
nodejsscan dashboard
nodejsscan charts
nodejsscan overview
nodejsscan findings