Cyber security

BetterScan-CE Wiki : Integrating Comprehensive Security Scans Into DevOps

It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report.

You can also add any tool to it. Currently, it supports many languages and tech stacks.

If you like it, please give it a GitHub star/fork/watch/contribute. This will ensure continuous development.

Run this command in your code directory (checkout from Git – .git folder needs to be there, if you work with the normal directory, make the Git repo out of it git init && git add . && git commit etc):

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)

or for an HTML report:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)

That’s it. You just checked your code for 2,300+ Checks (Defects, Vulnerabilities, Best Practices, Secrets – 166+ secret types) and 4,000+ YARA rules for Antidebug, Antivm, Crypto, CVE, Exploits Kits, Malware, Web shells, and APTs.

FYI Above will maintain state via (.checkmate folder). Only new commits will be checked.

Use Cases For You

This solutions should be part of DevOps/DevSecOps/Platform Engineering efforts. You can “shift left” your security efforts using below and providing tools to developers.

Asynchronous Installation Of The Whole Platform (Web Interface, Workers etc)

That way you can setup asynchronous DevSecOps feedback for the repositories you set up to scan (daily, on commit etc.)

git clone git@github.com:tcosolutions/betterscan-ce.git
cd betterscan-ce/dockerhub
docker compose up

Local installation On Your Laptop

Just run for CLI:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)

or for an HTML report:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)

It will maintain state in .checkmate folder. First run can be longer, next should be very fast. Just re-run the same command on the next iteration.

For more information click here.

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
1 hour ago

Recent Posts

vArmor : Enhancing Container Security In Cloud-Native Environments

vArmor is a cloud-native container sandbox system. It leverages Linux's AppArmor LSM, BPF LSM and Seccomp technologies to implement enforcers.…

26 mins ago

DOLOST – Harnessing Cyber Deception For Strategic Security Deployments

Explore the cutting-edge framework 'DOLOST,' designed to innovate the field of cyber deception. This tool…

26 mins ago

LDAP Firewall – Enhancing Security With Advanced Active Directory Protection

LDAP Firewall is an open-source tool for Windows servers that lets you audit and restrict incoming…

26 mins ago

CVE-2024-36401 : GeoServer Unauthenticated Remote Code Execution In Evaluating Property Name Expressions

GeoServer is an open-source software server written in Java that provides the ability to view,…

26 mins ago

Betterscan – Comprehensive Security Orchestration For Code And Infrastructure

Scan your source code and infra IaC against top security risks Betterscan is a orchestration toolchain that…

1 day ago

SQLRecon – Comprehensive Guide To SQL Server Exploitation And Defense

SQLRecon is a Microsoft SQL Server toolkit that is designed for offensive reconnaissance and post-exploitation.…

1 day ago