SCodeScanner stands for Source Code Scanner. It scans source code to find critical vulnerabilities. The main objective of this scanner is to find vulnerabilities in the source code before the code gets published to production.
Options
- Supports the PHP language
- Supports the YAML language
- Pushes results to bug tracking services like Jira and to Slack (sending result files to multiple team members at once).
- Gives results in JSON format, which can easily be consumed by any other program.
- Works with rules. If a rule for the target pattern is not present in the php/yaml directory, we only need to create one.
- Rules can scan advanced patterns.
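To show what a rule-driven source scanner with JSON output does in practice, here is an added example that is not SCodeScanner's own code. It does not use the project's rule file format or its engine; the rule schema (a regex per rule plus metadata), the function names, and the PHP sample are all constructed for illustration.

```python
"""Added example: a minimal rule-driven PHP source scanner that emits JSON.
Illustrative only; the rule schema below is assumed, not SCodeScanner's."""
import json
import re

# Constructed rule set. Each rule is a regex applied to one PHP line.
# The real tool keeps rules per language (php/yaml); this layout is assumed.
RULES = [
    {
        "id": "php-eval-user-input",
        "severity": "critical",
        "description": "eval() on a request parameter",
        "pattern": r"\beval\s*\(.*\$_(GET|POST|REQUEST|COOKIE)\b",
    },
    {
        "id": "php-reflected-output",
        "severity": "high",
        "description": "request parameter echoed without htmlspecialchars()",
        # negative lookahead: do not alert when the line already escapes output
        "pattern": r"\b(echo|print)\b(?!.*htmlspecialchars).*\$_(GET|POST|REQUEST)\b",
    },
    {
        "id": "php-shell-user-input",
        "severity": "critical",
        "description": "shell command built from a request parameter",
        "pattern": r"\b(system|exec|shell_exec|passthru|popen)\s*\(.*\$_(GET|POST|REQUEST)\b",
    },
]


def scan_php(source, path="<string>", rules=RULES):
    """Scan PHP source text line by line; return JSON-serialisable findings."""
    compiled = [(rule, re.compile(rule["pattern"])) for rule in rules]
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        # Skip comment lines so commented-out code does not raise alerts.
        if stripped.startswith(("//", "#", "*", "/*")):
            continue
        for rule, rx in compiled:
            if rx.search(line):
                findings.append({
                    "rule": rule["id"],
                    "severity": rule["severity"],
                    "description": rule["description"],
                    "file": path,
                    "line": lineno,
                    "code": stripped,
                })
    return findings


def to_json(findings):
    """Render findings the way a bug tracker or Slack bot could consume them."""
    return json.dumps({"findings": findings}, indent=2)


# Constructed sample input; not taken from any real plugin.
SAMPLE_PHP = """<?php
$name = $_GET['name'];
echo "Hello " . $_GET['name'];           // reflected XSS
echo htmlspecialchars($_GET['name']);    // escaped: must not alert
// eval($_POST['code']);                 // commented out: must not alert
system("ping " . $_GET['host']);         // command injection
"""

if __name__ == "__main__":
    print(to_json(scan_php(SAMPLE_PHP, path="sample.php")))
```

Run stand-alone, the block reports two findings (the unescaped echo on line 3 and the system() call on line 6) and stays silent on the escaped echo and the commented-out eval. Note what a single-line regex rule cannot see: `$name` on line 2 carries request data, so any later use of `$name` in a sink would be missed. Tracking that flow is what separates a pattern rule from real taint analysis, which is the kind of "advanced pattern" a rule engine has to grow into.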
Achievements
SCodeScanner received 5 CVEs for finding vulnerabilities in multiple CMS plugins.
- CVE-2022-1465
- CVE-2022-1474
- CVE-2022-1527
- CVE-2022-1532
- CVE-2022-1604
How to run?
- Download the repository –
- Run
pip3 install -r requirements.txt
- And run
python3 scscanner.py --help
Feedback/Improvements
I'd love to hear your feedback on this tool. Open issues if you found any. And open a PR if you have something.