scan-io

command module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 5, 2025 License: MIT Imports: 1 Imported by: 0

README


Scanio ⥀

All-in-One Multitool for Enhanced Security

What is Scanio?

Scanio simplifies security scanning for organizations by combining multiple open-source and enterprise-grade scanners into a single, customizable solution. Designed for teams with limited budgets, it enables teams to secure code efficiently and cost-effectively. By unifying interfaces and eliminating the need to develop tools and approaches for security processes from scratch, Scanio helps improve code quality, supports compliance efforts, and strengthens applications against vulnerabilities.

Key Features

  • Unified Interface: Use multiple scanners (e.g., Semgrep, Bandit, Trufflehog, CodeQL) with consistent commands and flags, reducing the learning curve for security teams and developers.
  • Scalability: Adaptable for small teams or large enterprises, providing flexibility for diverse security scanning needs.
  • Containerized Deployment: Prepackaged with dependencies, plugins, and rule sets for quick and hassle-free setup.
  • Compliance Simplified: Streamlines security processes across development stages, reducing effort and investment.
  • Comprehensive Integration Support: Scanio seamlessly handles tasks such as code cloning, managing pull requests, and uploading scan results across VCS platforms like GitHub, GitLab, and Bitbucket.
  • Infrastructure Ready: Configure and deploy Scanio with ease, using custom rules, configurations, and plugins. Extensible and Flexible: Designed for security applications but easily extends to QA and DevOps via its plugin-based architecture.
  • Advanced SARIF Integration: SARIF report patching to meet specific requirements for enhanced usability and Transform SARIF data into accessible HTML reports with interactive elements like code snippets and links.

Usage Scenarios

Each of these scenarios can be supported by specialized rule sets crafted for specific purposes or tailored to individual projects.

Ad hoc Scanning
Ideal for security teams and developers looking to perform spot checks or analyze specific pieces of code manually during:

  • Scan code during development.
  • Perform security audits.

Automated Background Scanning
Identify vulnerabilities and secrets in the codebase as a periodic process.

CI/CD Pipeline Scanning
Automatically scan new code changes during branch merges.

Getting Started

Quick Start

Run your first scan:

git clone https://github.com/juice-shop/juice-shop
cd juice-shop
docker run -it -v $(pwd):/data ghcr.io/scan-io-git/scan-io analyse --scanner semgrep /data

Installation

  1. Installation with Docker:
docker pull ghcr.io/scan-io-git/scan-io
  1. Build and run from source:
git clone https://github.com/scan-io-git/scan-io
cd scan-io
make build docker

Documentation

Explore Scanio's comprehensive documentation, structured using the Diátaxis framework.

The documentation covers everything you need to know, including tutorials, how-to guides, conceptual explanations, and technical references, to help you use and extend Scanio effectively.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
cmd
analyse
fetch
integration-vcs
list
version
internal
bitbucket
dojo
fetcher
git
sarif
scanner
template
utils
vcsintegrator
pkg
shared
shared/config
shared/errors
shared/files
shared/httpclient
shared/logger
shared/validation
shared/vcsurl
plugins
bandit
bitbucket
codeql
github
gitlab
semgrep
trufflehog
trufflehog3
trufflehog3/internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.