It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report.
You can also add any tool to it. Currently, it supports many languages and tech stacks.
If you like it, please give it a GitHub star/fork/watch/contribute. This will ensure continuous development.
Run this command in your code directory (checkout from Git – .git folder needs to be there, if you work with the normal directory, make the Git repo out of it git init && git add . && git commit
etc):
sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)
or for an HTML report:
sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)
That’s it. You just checked your code for 2,300+ Checks (Defects, Vulnerabilities, Best Practices, Secrets – 166+ secret types) and 4,000+ YARA rules for Antidebug, Antivm, Crypto, CVE, Exploits Kits, Malware, Web shells, and APTs.
FYI Above will maintain state via (.checkmate folder). Only new commits will be checked.
This solutions should be part of DevOps/DevSecOps/Platform Engineering efforts. You can “shift left” your security efforts using below and providing tools to developers.
That way you can setup asynchronous DevSecOps feedback for the repositories you set up to scan (daily, on commit etc.)
git clone git@github.com:tcosolutions/betterscan-ce.git
cd betterscan-ce/dockerhub
docker compose up
Just run for CLI:
sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)
or for an HTML report:
sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)
It will maintain state in .checkmate
folder. First run can be longer, next should be very fast. Just re-run the same command on the next iteration.
For more information click here.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…