Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases.
SAST (Static Analysis Security Testing) capabilities:
SCA (Software Composition Analysis) capabilities:
Extra
Scan customization
Analysis workbench
Rule pack edition
Grepmarx is provided with a configuration to be executed in Docker and Gunicorn.
Make sure you have docker-composer installed on the system, and the docker daemon is running. The application can then be easily executed in a docker container. The steps:
Get the code
$ git clone https://github.com/Orange-Cyberdefense/grepmarx.git $ cd grepmarx
Start the app in Docker
$ sudo docker-compose pull && sudo docker-compose build && sudo docker-compose up -d
Visit http://localhost:5000
in your browser. The app should be up & running.
Note: a default user account is created on first launch (user=admin / password=admin). Change the default password immediately.
Gunicorn ‘Green Unicorn’ is a Python WSGI HTTP Server for UNIX. A supervisor configuration file is provided to start it along with the required Celery worker (used for security scans queuing).
Install using pip
$ pip install gunicorn supervisor
Start the app using gunicorn binary
$ supervisord -c supervisord.conf
Visit http://localhost:8001
in your browser. The app should be up & running.
Note: a default user account is created on first launch (user=admin / password=admin). Change the default password immediately.
Get the code
$ git clone https://github.com/Orange-Cyberdefense/grepmarx.git $ cd grepmarx
Install virtualenv modules
$ virtualenv env $ source env/bin/activate
Install Python modules
$ # SQLite Database (Development) $ pip3 install -r requirements.txt $ # OR with PostgreSQL connector (Production) $ # pip install -r requirements-pgsql.txt
Install additionnal requirements
# Dependency scan (cdxgen / depscan) requirements $ sudo apt install npm openjdk-17-jdk maven gradle golang composer $ sudo npm install -g @cyclonedx/cdxgen $ pip install appthreat-depscan
A Redis server is required to queue security scans. Install the redis
package with your favorite distro package manager, then:
$ redis-server
Set the FLASK_APP environment variable
$ export FLASK_APP=run.py $ # Set up the DEBUG environment $ # export FLASK_ENV=development
Start the celery worker process
$ celery -A app.celery_worker.celery worker --pool=prefork --loglevel=info --detach
Start the application (development mode)
$ # --host=0.0.0.0 - expose the app on all network interfaces (default 127.0.0.1) $ # --port=5000 - specify the app port (default 5000) $ flask run --host=0.0.0.0 --port=5000
Access grepmarx in browser: http://127.0.0.1:5000/
Note: a default user account is created on first launch (user=admin / password=admin). Change the default password immediately.
Grepmarx – Provided by Orange Cyberdefense.
Please consider following and supporting us to stay updated with the latest info
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…