Name: insider
Author: insidersec

About This Tool

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Primary Use Case

This tool is designed for developers and security teams who want to automate vulnerability detection directly within their source code during the development lifecycle. It is especially useful for organizations aiming to embed security checks into their DevOps pipelines for technologies like Java, Kotlin, Swift, .NET, C#, and JavaScript. Insider helps identify security issues early to reduce risks before deployment.

Key Features

Static code analysis focused on OWASP Top 10 vulnerabilities

Supports multiple technologies: Java (Maven, Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, JavaScript (Node.js)

CLI tool with options for parallel analysis and customizable security levels

Precompiled binaries available for Linux, Windows, and macOS

Integration with GitHub Actions for seamless DevOps pipeline protection

Generates reports in HTML and JSON formats with options to disable

Docker container support for easy environment setup

Exclusion patterns to skip files or directories during analysis

Insights & Recommendations

For best results, integrate Insider into your CI/CD pipeline using the provided GitHub Action for automated, frictionless security scanning. Adjust the security threshold parameter to fit your project's risk tolerance. Excluding irrelevant directories like node_modules or test files can improve scan performance and reduce noise in reports.

Installation

Download precompiled binaries for your OS from the GitHub releases page
Extract the downloaded archive (e.g., tar -xf insider_2.1.0_linux_x86_64.tar.gz)
Make the binary executable (chmod +x insider)
Optionally, build from source if preferred
Use Docker by running the insidersec/insider container and mounting your project directory

Usage

insider -tech javascript -target <directory>

Run JavaScript code analysis on the specified directory

insider -tech android -target <directory> -no-html -no-json

Run Android analysis on the specified directory without generating HTML or JSON reports

insider -tech java -target <directory> -security 20

Run Java analysis with a base security threshold of 20 to fail the scan if vulnerabilities exceed this level

insider -tech javascript -target <directory> -exclude tests/* -exclude node_modules/*

Run JavaScript analysis excluding the tests and node_modules directories

docker run --rm -v $(pwd):/target-project insidersec/insider -tech <tech> -target /target-project

Run Insider inside a Docker container analyzing the mounted project directory

Smart Usage Notes

Integrate Insider into CI/CD pipelines to automate early detection of OWASP Top 10 vulnerabilities and reduce remediation costs.

Use the tool's exclusion patterns to focus scans on high-risk code areas, optimizing scan time and developer productivity.

Combine Insider with dynamic analysis tools to cover both static and runtime vulnerabilities for comprehensive application security.

Leverage GitHub Actions integration to enforce security gates on pull requests, preventing vulnerable code merges.

Use generated JSON reports to feed into centralized security dashboards for continuous monitoring and trend analysis.

OpenSec Atlas

insider

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like