Cyber security

BetterScan-CE Wiki : Integrating Comprehensive Security Scans Into DevOps

It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report.

You can also add any tool to it. Currently, it supports many languages and tech stacks.

If you like it, please give it a GitHub star/fork/watch/contribute. This will ensure continuous development.

Run this command in your code directory (checkout from Git – .git folder needs to be there, if you work with the normal directory, make the Git repo out of it git init && git add . && git commit etc):

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)

or for an HTML report:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)

That’s it. You just checked your code for 2,300+ Checks (Defects, Vulnerabilities, Best Practices, Secrets – 166+ secret types) and 4,000+ YARA rules for Antidebug, Antivm, Crypto, CVE, Exploits Kits, Malware, Web shells, and APTs.

FYI Above will maintain state via (.checkmate folder). Only new commits will be checked.

Use Cases For You

This solutions should be part of DevOps/DevSecOps/Platform Engineering efforts. You can “shift left” your security efforts using below and providing tools to developers.

Asynchronous Installation Of The Whole Platform (Web Interface, Workers etc)

That way you can setup asynchronous DevSecOps feedback for the repositories you set up to scan (daily, on commit etc.)

git clone git@github.com:tcosolutions/betterscan-ce.git
cd betterscan-ce/dockerhub
docker compose up

Local installation On Your Laptop

Just run for CLI:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli.sh)

or for an HTML report:

sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan-ce/main/cli-html.sh)

It will maintain state in .checkmate folder. First run can be longer, next should be very fast. Just re-run the same command on the next iteration.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

2 hours ago

Install OpenCV on Ubuntu 18.04: Step-by-Step Setup Guide

Computer vision technology powers many modern applications, from image editors to facial scanners. OpenCV (Open Source Computer…

2 hours ago

Install VNC on Ubuntu 18.04: Step-by-Step TigerVNC Setup

A remote desktop interface makes it easy to manage a remote computer. VNC (Virtual Network Computing) is…

2 hours ago

Install Gitea on Ubuntu 18.04: Self-Hosted Git Service Guide

Hosting your own code repositories is a great way to keep your projects private. Gitea is a…

3 hours ago

Install Java on Ubuntu 18.04: OpenJDK 11 and OpenJDK 8

Many modern programs require Java to run. From development tools like Eclipse to search systems…

3 hours ago

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

1 day ago