¶ NodeJS Scanner
https://github.com/ajinabraham/nodejsscan
NodeJS Scanner is static security code scanner (SAST) for Node.js applications powered by libsast and semgrep.
¶ Libsast
Libsast is Generic SAST for Security Engineers. Powered by regex based pattern matcher and semantic aware semgrep.
¶ Semgrep
Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards.
The Semgrep ecosystem includes:
-
Semgrep - The open-source command line tool at the heart of everything (this project).
-
Semgrep Supply Chain - high-signal dependency scanner that detects reachable vulnerabilities in third-party libraries and functions across the SDLC.
-
Semgrep App - Deploy, manage, and monitor Semgrep and Semgrep Supply Chain at scale with free and paid tiers. Integrates with CI providers such as GitHub, GitLab, CircleCI, and more.
-
Semgrep Playground - An online interactive tool for writing and sharing rules.
-
Semgrep Registry - 2,000+ community-driven rules covering security, correctness, and dependency vulnerabilities.
¶ Findings
