nodejsscan
by ajinabraham
nodejsscan is a static security code scanner that detects vulnerabilities in Node.js applications through a web UI, CLI, and API.
Primary Use Case
This tool is primarily used by developers and security professionals to identify security flaws in Node.js codebases before deployment. It integrates into DevSecOps pipelines to automate security scanning and provides alerts via Slack and email for continuous monitoring.
- Static Application Security Testing (SAST) for Node.js
- Powered by libsast and semgrep for deep code analysis
- Web user interface for interactive scanning and results visualization
- Command Line Interface (CLI) and Python API for automation
- Slack and Email alert integrations for vulnerability notifications
- Support for CI/CD pipelines including GitHub Actions, GitLab CI/CD, and Travis CI
- Docker images available for easy deployment
- PostgreSQL backend for storing scan results and configurations
Installation
- Install PostgreSQL and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as an environment variable
- Clone the repository: git clone https://github.com/ajinabraham/nodejsscan.git
- Navigate into the directory: cd nodejsscan
- Create a Python virtual environment: python3 -m venv venv
- Activate the virtual environment: source venv/bin/activate
- Install dependencies: pip install -r requirements.txt
- Create database schema: python3 manage.py recreate-db (run once)
- Run the application: ./run.sh
- Access the web UI at http://127.0.0.1:9090
- Alternatively, pull and run the Docker image: docker pull opensecurity/nodejsscan:latest
Usage
$ docker pull opensecurity/nodejsscan:latest
    Pull the latest Docker image for nodejsscan
$ docker run -it -p 9090:9090 opensecurity/nodejsscan:latest
    Run the nodejsscan Docker container, exposing the web UI on port 9090
$ git clone https://github.com/ajinabraham/nodejsscan.git
    Clone the nodejsscan repository locally
$ python3 -m venv venv
    Create a Python virtual environment
$ source venv/bin/activate
    Activate the Python virtual environment
$ pip install -r requirements.txt
    Install the required Python dependencies
$ python3 manage.py recreate-db
    Initialize or recreate the database schema (run once)
$ ./run.sh
    Start the nodejsscan web user interface locally
- Integrate nodejsscan into CI/CD pipelines for automated pre-deployment vulnerability detection.
- Leverage Slack and email alerting features for real-time vulnerability notifications to development and security teams.
- Use the Python API to build custom automation workflows that trigger scans on code commits or pull requests.
- Combine nodejsscan findings with runtime application security monitoring tools to enhance detection coverage.
- Incorporate nodejsscan results into purple team exercises to simulate attacker exploitation and improve defensive controls.