betterscan
by tcosolutions
Betterscan is an open-source DevSecOps orchestration toolchain that performs comprehensive static code and Infrastructure as Code (IaC) security scanning using multiple integrated scanners with unified reporting.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Primary Use Case
Betterscan is designed for developers, security engineers, and DevOps teams who want to continuously scan their source code and infrastructure configurations for security and compliance risks. It automates the orchestration of multiple security tools, deduplicates findings, and provides consolidated reports to streamline vulnerability management in CI/CD pipelines.
- Orchestrates multiple security scanners for code, cloud, secrets, and IaC
- Unified and deduplicated security and compliance risk reporting
- Graph-based code analysis using Neo4j and AI-powered Fast GraphRAG
- Supports scanning of source code, Infrastructure as Code, secrets, SBOMs, and dependencies
- Outputs results in HTML, JSON, and SARIF formats
- Open and developer-friendly with extensible plugin architecture
- Supports SQL and SQLite backends for project data storage
- Cross-platform support via Linux, MacOS, Windows (WSL/Docker)
Installation
- Run on Linux (Ubuntu), MacOS, or Windows via WSL/Docker
- Use the provided CLI scripts to install and run scans
- No separate installation step is given; the tool is fetched and run with a single curl-piped script
- Example: Run `sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli.sh)` in your Git repository folder
Usage
- `checkmate --backend sql --backend-opts "postgresql://user:password@localhost/mydatabase" --path "/path/to/project" --pk "custom_pk"`
  Creates a new project with a SQL backend and the specified connection string, project path, and primary key
- `sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli.sh)`
  Runs the Betterscan CLI in the current Git repository folder to perform a scan
- `sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli-html.sh)`
  Runs Betterscan and writes reports in HTML, JSON, and SARIF formats to the current directory
- Integrate Betterscan into CI/CD pipelines for continuous vulnerability detection and compliance enforcement.
- Leverage the graph-based AI analysis to uncover complex code and IaC security risks that traditional scanners might miss.
- Use unified and deduplicated reports to streamline vulnerability triage and reduce alert fatigue for security teams.
- Extend Betterscan’s plugin architecture to incorporate custom security checks tailored to organizational policies.
- Combine Betterscan outputs with SIEM or SOAR platforms to automate incident response workflows.