{"id":13539711,"url":"https://github.com/coinbase/salus","last_synced_at":"2025-04-09T18:32:05.590Z","repository":{"id":37446553,"uuid":"153349500","full_name":"coinbase/salus","owner":"coinbase","description":"We would like to request that all contributors please clone a *fresh copy* of this repository since the September 21st maintenance.","archived":false,"fork":false,"pushed_at":"2024-01-12T16:43:56.000Z","size":78711,"stargazers_count":25,"open_issues_count":40,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-24T10:38:16.147Z","etag":null,"topics":["audit","brakeman","circleci","coinbase","cves","golang","gosec","js","npm","ruby-on-rails","salus","security-scanner","security-scanners","security-tools","static-analysis","yarn"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/coinbase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-16T20:25:54.000Z","updated_at":"2024-12-12T08:38:57.000Z","dependencies_parsed_at":"2023-02-19T16:01:23.416Z","dependency_job_id":"f6084323-da47-4670-ad3b-ae9c4b71e539","html_url":"https://github.com/coinbase/salus","commit_stats":null,"previous_names":[],"tags_count":112,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coinbase%2Fsalus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coinbase%2Fsalus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coinbase%2Fsalus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coinbase%2Fsalus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/coinbase","download_url":"https://codeload.github.com/coinbase/salus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248087842,"owners_count":21045598,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","brakeman","circleci","coinbase","cves","golang","gosec","js","npm","ruby-on-rails","salus","security-scanner","security-scanners","security-tools","static-analysis","yarn"],"created_at":"2024-08-01T09:01:30.748Z","updated_at":"2025-04-09T18:32:00.579Z","avatar_url":"https://github.com/coinbase.png","language":"HTML","readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/coinbase/salus\"\u003e\n    \u003cimg width=\"350px\" alt=\"Salus\" src=\"logo.png\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003ch3 align=\"center\"\u003e\n   Salus: Guardian of Code Safety and Security\n\u003c/h3\u003e\n\n\n[![CircleCI](https://circleci.com/gh/coinbase/salus/tree/master.svg?style=svg)](https://circleci.com/gh/coinbase/salus/tree/master)\n\n## 🔍 Overview\n\nSalus (Security Automation as a Lightweight Universal Scanner), named after the [Roman goddess of protection](https://en.wikipedia.org/wiki/Salus), is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide the output. Most scanners are other mature open source projects which we include directly in the container.\n\nSalus is particularly useful for CI/CD pipelines because it becomes a centralized place to coordinate scanning across a large fleet of repositories. Typically, scanners are configured at the repository level for each project. This means that when making org-wide changes to how the scanners are run, each repository must be updated. Instead, you can update Salus and all builds will instantly inherit the change.\n\nSalus supports powerful configuration that allows for global defaults and local tweaks. Finally, Salus can report metrics on each repository, such as what packages are included or what concerns exist. These reports can be centrally evaluated in your infrastructure to allow for scalable security tracking.\n\n## Using Salus\n\n```sh\n# Navigate to the root directory of the project you want to run Salus on\ncd /path/to/repo\n\n# Run the following line while in the root directory (no edits necessary)\ndocker run --rm -t -v $(pwd):/home/repo coinbase/salus\n```\n\n## Supported Scanners\n\n- [Bandit](docs/scanners/bandit.md) - Execution of [Bandit](https://pypi.org/project/bandit/) 1.6.2, looks for common security issues in Python code.\n- [Brakeman](docs/scanners/brakeman.md) - Execution of [Brakeman](https://brakemanscanner.org/) 5.3.1, looks for vulnerable code in Rails projects.\n- [semgrep](docs/scanners/semgrep.md) - Execution of [`semgrep`](https://semgrep.dev) 1.0.0, which looks for semantic and syntactical patterns in code at the AST level.\n- [BundleAudit](docs/scanners/bundle_audit.md) - Execution of [bundle-audit](https://github.com/rubysec/bundler-audit) 0.8.0, looks for CVEs in Ruby gem dependencies.\n- [Gosec](docs/scanners/gosec.md) - Execution of [gosec](https://github.com/securego/gosec) 2.11.0, looks for security problems in Go code.\n- [npm audit](docs/scanners/npm_audit.md) - Execution of [`npm audit`](https://docs.npmjs.com/getting-started/running-a-security-audit) 6.14.8, which looks for CVEs in node module dependencies.\n- [yarn audit](docs/scanners/yarn_audit.md) - Execution of [`yarn audit`](https://yarnpkg.com/lang/en/docs/cli/audit/) 1.22.0, which looks for CVEs in node module dependencies.\n- [PatternSearch](docs/scanners/pattern_search.md) - Execution of [`sift`](https://sift-tool.org/docs) 0.9.0, looks for certain strings in a project that might be dangerous, or can require that certain strings be present.\n- [TruffleHog](docs/scanners/truffle_hog.md) - Execution of [`TruffleHog`](https://github.com/trufflesecurity/trufflehog) 3.19.0, looks for leaked credentials.\n- [Cargo Audit](docs/scanners/cargo_audit.md) - Execution of [Cargo Audit](https://github.com/RustSec/cargo-audit) 0.14.0, audits Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.\n\n## Dependency Tracking\n\nSalus also parses dependency files and reports which libraries and versions are being used. This can be useful for tracking dependencies across your fleet.\n\nCurrently supported languages are:\n- Ruby\n- Node.js (JavaScript)\n- Python\n- Go\n- Rust\n\n## Configuration\n\nSalus is designed to be [highly configurable](docs/configuration.md) so that it can work in many different types of environments and with many different scanners. It supports environment variable interpolation and cascading configurations, and can read configuration and post reports over HTTP.\n\nSometimes it's necessary to ignore certain CVEs, rules, tests, groups, directories, or otherwise modify the default configuration for a scanner. The [docs/scanners directory](docs/scanners) explains how to do so for each scanner that Salus supports.\n\nIf you would like to build custom scanners or support more languages that are not currently supported, you can use [this method of building custom Salus images](docs/custom_salus.md).\n\n## CircleCI Integration\n\nSalus can be integrated with CircleCI by using a public Orb. All Salus configuration options are supported, and defaults are the same as for Salus itself.\n\nExample CircleCI `config.yml`:\n\n```yaml\nversion: 2.1\n\norbs:\n  salus: federacy/salus@3.0.0\n\nworkflows:\n  main:\n    jobs:\n      - salus/scan\n```\n\n[Orb documentation](integrations/circleci/README.md)\n\n## GitHub Actions Integration\n\nSalus can also be used with GitHub Actions.\n\nExample `.github/workflows/main.yml`:\n\n```yaml\non: [push]\n\njobs:\n  salus_scan_job:\n    runs-on: ubuntu-latest\n    name: Salus Security Scan Example\n    steps:\n    - uses: actions/checkout@v1\n    - name: Salus Scan\n      id: salus_scan\n      uses: federacy/scan-action@0.1.1\n```\n\n[GitHub Action documentation](https://github.com/federacy/scan-action)\n\n## Using Salus in your Repo\n\nFor your given CI, update the config file to run Salus. In CircleCI, it will look like this:\n\n```sh\ndocker run --rm -t -v $(pwd):/home/repo coinbase/salus\n```\n\n`coinbase/salus` is the Docker image that gets pulled and run.\n\n## [Detailed Documentation](docs)\n\n## 👷‍♂️ Development\n\nContribution to this project is extremely welcome, and it's our sincere hope that the work we've done to this point only serves as a foundation for allowing the security/development communities as a whole to come together to improve the security of **everyone's** infrastructure.\n\nYou can read more about [getting your development environment set up](docs/development.md), or [the architecture of Salus](docs/architecture.md).\n\nYou can also find [steps to add a new scanner to Salus](docs/adding_scanner.md).\n\n## 📃 License\n\nThis project is available open source under the terms of the [Apache 2.0 License](https://opensource.org/licenses/Apache-2.0).\n","funding_links":[],"categories":["\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","Инструменты","HTML","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具","Multi tools"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner","Статические анализаторы приложений (SAST)"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoinbase%2Fsalus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoinbase%2Fsalus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoinbase%2Fsalus/lists"}