{"id":13652815,"url":"https://github.com/insidersec/insider","last_synced_at":"2025-04-05T04:14:53.146Z","repository":{"id":41552344,"uuid":"221302256","full_name":"insidersec/insider","owner":"insidersec","description":"Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).","archived":false,"fork":false,"pushed_at":"2022-04-10T21:40:27.000Z","size":4599,"stargazers_count":490,"open_issues_count":20,"forks_count":80,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-05-22T08:10:39.866Z","etag":null,"topics":["android","android-security","cli","csharp","dotnet","insider","ios","ios-security","javascript","kotlin","maven","nodejs","owasp","sast","security-automation","security-scanner","security-tools","static-analysis","static-analyzer","swift"],"latest_commit_sha":null,"homepage":"https://insidersec.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/insidersec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null}},"created_at":"2019-11-12T20:07:31.000Z","updated_at":"2024-05-16T09:30:11.000Z","dependencies_parsed_at":"2022-08-03T09:30:21.385Z","dependency_job_id":null,"html_url":"https://github.com/insidersec/insider","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,
"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insidersec%2Finsider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insidersec%2Finsider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insidersec%2Finsider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insidersec%2Finsider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/insidersec","download_url":"https://codeload.github.com/insidersec/insider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247117756,"owners_count":20886439,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-security","cli","csharp","dotnet","insider","ios","ios-security","javascript","kotlin","maven","nodejs","owasp","sast","security-automation","security-scanner","security-tools","static-analysis","static-analyzer","swift"],"created_at":"2024-08-02T02:01:03.025Z","updated_at":"2025-04-05T04:14:53.119Z","avatar_url":"https://github.com/insidersec.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://www.insidersec.io/wp-content/uploads/2020/11/cover-linkedin2.png\"\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/insidersec/insider/actions?query=workflow%3ACI\"\u003e\n      \u003cimg src=\"https://github.com/insidersec/insider/workflows/CI/badge.svg\"\u003e\n    \u003c/a\u003e\n    \u003ca 
href=\"https://github.com/insidersec/insider/blob/master/LICENSE\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/license-MIT-green.svg\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/insidersec/insider/releases\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/v/release/insidersec/insider\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\nThis document is also available in [`Portuguese`](https://github.com/insidersec/insider/blob/master/README_pt-br.md).\n\nInsider is the [OSS](https://opensource.org/) CLI project from the [Insider Application Security](https://insidersec.io) Team for the community.\n\nInsider focuses on covering the [OWASP Top 10](https://owasp.org/www-project-top-ten/): it analyzes source code to find vulnerabilities directly in the code, and is designed to be agile and easy to adopt inside your DevOps pipeline.\n\nWe currently support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).\n\nThere is a GitHub Action that lets you protect your repository with Insider; it is free, easy to integrate and frictionless. It is the easiest way to protect your code directly in your repository. [Take a look - Insider-Action](https://github.com/insidersec/insider-action)\n\n---\n\n### Installation\n\nYou can install Insider using precompiled binaries or from source.\n\n#### Precompiled binaries\n\nWe have precompiled binaries for Linux, Windows and macOS operating systems, which you can find [here.](https://github.com/insidersec/insider/releases)\n\nHave fun! :rocket:\n\n---\n\n### Usage\n\n```\ninsider is the CLI project from the Insider Application Security Team for the community\n\nUsage:\n  -exclude value\n        Patterns to exclude directory or files to analyze. 
Can be used multiple times\n  -jobs int\n        Number of analysis to execute in parallel (default 4)\n  -no-html\n        Skips the report generation in the HTML format\n  -no-json\n        Skips the report generation in the JSON format\n  -quiet\n        No output logs of execution\n  -security float\n        Set the Security level, values between 0 and 100 (default 0)\n  -target string\n        Specify where to look for files to run the specific ruleset\n  -tech string\n        Specify which technology ruleset to load\n  -v    Enable verbose output\n  -version\n        Show version and quit with exit code 0\n\nSupported technologies:\n        android\n        java\n        ios\n        javascript\n        csharp\n\nExample of use:\n        # Run JavaScript analysis on specific directoty\n        insider -tech javascript -target \u003cdirectory\u003e\n\n        # Run Android analysis on specific directoty and ignore html and json report\n        insider -tech android -target \u003cdirectory\u003e -no-html -no-json\n\n        # Run Java analysis on specific directoty with a base security value to fail\n        insider -tech java -target \u003cdirectory\u003e -security 20\n\n        # Run JavaScript analysis on specific directoty and exclude node_modules and test files\n        insider -tech javascript -target \u003cdirectory\u003e -exclude tests/* -exclude node_modules/*\n\n```\n\n---\n\n### Example\n\n```bash\n# Check the correct release for your environment\n$ wget https://github.com/insidersec/insider/releases/download/2.1.0/insider_2.1.0_linux_x86_64.tar.gz\n$ tar -xf insider_2.1.0_linux_x86_64.tar.gz \n$ chmod +x insider\n$ ./insider --tech javascript  --target \u003cprojectfolder\u003e\n```\n\n---\n\n### Docker\n\nYou can also run `insider` in a container. 
You only need to mount the target as a volume:\n\n```bash\n$ docker run --rm -v \"$(pwd)\":/target-project insidersec/insider -tech \u003ctech\u003e -target /target-project\n\n```\n\n---\n\n### Demo\n\n![Gif](demo.gif)\n\n---\n\n### Contribution\n\n- Your contributions and suggestions are heartily ♥ welcome. [See the contribution guidelines here.](/.github/CONTRIBUTING.md) Please report bugs via the [issues page.](https://github.com/insidersec/insider/issues) See the [security policy](/.github/SECURITY.md) for how to report security issues. (✿ ◕‿◕)\n\n---\n#### Building from source\n\nTo build Insider from source you'll need a working installation of [Go version 1.13](https://golang.org/dl/) or later.\n\n```bash\n$ go get github.com/insidersec/insider/cmd/insider\n```\n---\n\n### License\n\n\n- This work is licensed under [MIT](/LICENSE).\n","funding_links":[],"categories":["Web","Continuous Security Testing","Go","Go (531)","Static Application Security Testing","Automation"],"sub_categories":["Development"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finsidersec%2Finsider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finsidersec%2Finsider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finsidersec%2Finsider/lists"}