Betterscan is an open-source DevSecOps orchestration toolchain that performs comprehensive static code and Infrastructure as Code (IaC) security scanning using multiple integrated scanners with unified reporting.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Betterscan is designed for developers, security engineers, and DevOps teams who want to continuously scan their source code and infrastructure configurations for security and compliance risks. It automates the orchestration of multiple security tools, deduplicates findings, and provides consolidated reports to streamline vulnerability management in CI/CD pipelines.
Betterscan requires a compatible environment such as Linux, MacOS, or Windows with WSL/Docker support. It uses a combination of open-source tools and custom AI-powered graph analysis for enhanced vulnerability detection. Users should ensure proper backend configuration (SQL or SQLite) for project data persistence. The tool emphasizes continuous security and is suitable for integration into CI/CD pipelines.
Run on Linux (Ubuntu), MacOS, or Windows via WSL/Docker
Use the provided CLI scripts to install and run scans
No explicit installation commands are given; the scripts are fetched and run directly via curl
Example: Run `sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli.sh)` in your Git repository folder
`checkmate --backend sql --backend-opts "postgresql://user:password@localhost/mydatabase" --path "/path/to/project" --pk "custom_pk"`
Creates a new project with a SQL backend, using the specified connection string, project path, and primary key
`sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli.sh)`
Runs the Betterscan CLI in the current Git repository folder to perform a scan
`sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli-html.sh)`
Runs Betterscan and generates output reports in HTML, JSON, and SARIF formats in the current directory