{"id":13422094,"url":"https://github.com/lunasec-io/lunasec","last_synced_at":"2025-05-15T09:07:17.555Z","repository":{"id":37049752,"uuid":"348217288","full_name":"lunasec-io/lunasec","owner":"lunasec-io","description":"LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/ ","archived":false,"fork":false,"pushed_at":"2024-05-02T03:35:48.000Z","size":307025,"stargazers_count":1445,"open_issues_count":97,"forks_count":168,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-04-14T15:56:54.936Z","etag":null,"topics":["compliance","continuous-delivery","cve-scanning","cybersecurity","dependency-analysis","devsecops","gdpr","log4shell","pci-dss","sbom","sbom-generator","scanning","scanning-tool","security","security-tools","soc2","software-composition-analysis","tokenization","web-security","zero-trust"],"latest_commit_sha":null,"homepage":"https://www.lunasec.io/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lunasec-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"lunasec-io","custom":"https://www.lunasec.io/contact"}},"created_at":"2021-03-16T04:48:50.000Z","updated_at":"2025-04-08T09:05:27.000Z","dependencies_parsed_at":"2023-02-17T02:46:09.812Z","dependency_job_id":"be170765-b2a7-4174-821b-1532a63f62b2","html_url":"https://git
hub.com/lunasec-io/lunasec","commit_stats":{"total_commits":2579,"total_committers":35,"mean_commits":73.68571428571428,"dds":0.6967816983326871,"last_synced_commit":"721146d9f0fa6bd64dd9fd7ef1d27164ff29a2b5"},"previous_names":["lunasec-io/lunasec-monorepo"],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunasec-io%2Flunasec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunasec-io%2Flunasec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunasec-io%2Flunasec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunasec-io%2Flunasec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lunasec-io","download_url":"https://codeload.github.com/lunasec-io/lunasec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254310515,"owners_count":22049469,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","continuous-delivery","cve-scanning","cybersecurity","dependency-analysis","devsecops","gdpr","log4shell","pci-dss","sbom","sbom-generator","scanning","scanning-tool","security","security-tools","soc2","software-composition-analysis","tokenization","web-security","zero-trust"],"created_at":"2024-07-30T23:00:36.783Z","updated_at":"2025-05-15T09:07:12.536Z","avatar_url":"https://github.com/lunasec-io.png","language":"TypeScript","funding_links":["https://github.com/sponsors/lunasec-io","https://www.lunasec.io/contact"]
,"categories":["UI Components","Datastores","TypeScript","security-tools","cybersecurity"],"sub_categories":["Form Components","Online resources"],"readme":"\u003c!--\n  ~ Copyright by LunaSec (owned by Refinery Labs, Inc)\n  ~\n  ~ Licensed under the Creative Commons Attribution-ShareAlike 4.0 International\n  ~ (the \"License\"); you may not use this file except in compliance with the\n  ~ License. You may obtain a copy of the License at\n  ~\n  ~ https://creativecommons.org/licenses/by-sa/4.0/legalcode\n  ~\n  ~ See the License for the specific language governing permissions and\n  ~ limitations under the License.\n  ~\n--\u003e\n\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src='docs/static/img/logo-black-text.svg' width='60%'\u003e\n\u003c/p\u003e\n\n# LunaTrace\n\nLunaTrace is an Open Source supply chain security and auditing tool. At its heart is a web console that tracks your projects and their dependencies, looking for vulnerabilities and other issues. This console is provided as a SaaS ([available here for free](https://lunatrace.lunasec.io/)) or you can deploy it and manage it yourself.\n\nPlease see our [LunaTrace documentation](https://www.lunasec.io/docs/pages/lunatrace/overview/introduction/) for more information.\n\n## Short Introduction Video\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.youtube.com/watch?v=ugdSyR2L6sY\"\u003e\n    \u003cimg alt=\"LunaTrace Introduction Video\" src=\"https://img.youtube.com/vi/ugdSyR2L6sY/maxresdefault.jpg\" width=\"70%\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## Repo Structure\n\nWe're a team of Security Engineers on a mission to make awesome Open Source Application Security tooling. It all lives\nin this monorepo and here's a breakdown of where everything we've built lives.\n\n- **[LunaTrace](./lunatrace)**: A free alternative to services like GitHub Dependabot or [Snyk](https://snyk.io) that \nautomatically monitors your dependencies for vulnerabilities. 
It automatically integrates with GitHub Pull Requests\nto notify you of new CVEs _before_ you deploy to production. Try it out in one click via our [GitHub App](https://github.com/apps/lunatrace-by-lunasec/). \n    - **Status**: Production ready and under active development (our primary focus).\n- **[Log4Shell CLI](./tools/log4shell)**: A small command line utility to scan for Log4Shell. Also supports patching JAR files against\n  Log4Shell, scanning running processes on your system, and more. Follow our\n  [Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/) for more context.\n    - **Status**: Production ready and used by thousands of companies. Superseded by LunaTrace.\n- **[Our Security Blog](https://www.lunasec.io/docs/blog/)**: Our ramblings to the internet. This is where we broke the news about the log4j vulnerability and gave it the name [Log4Shell](https://www.lunasec.io/docs/blog/tags/log-4-shell). The blog lives in this repo under `/docs/blog` if you feel \n like contributing!\n    - **Status**: Continuously updated, and requests for us to write about topics are encouraged.\n- **[LunaDefend](./lunadefend)**: An end-to-end suite of security software built \n around Tokenization designed to _proactively_ protect your sensitive data from being hacked, as well as providing an \n easier path towards compliance (SOC2, GDPR, PCI-DSS, etc).\n    - **Status**: Unmaintained (but feel free to open issues).\n\n## Support\n\nIf you find yourself stuck, you're missing a feature, or you just want to clear up some confusion, then please\n[join our Discord Community](https://discord.gg/2EbHdAR5w7) to speak with us.\n\nWe're a small team and we're always looking for more feedback about what problems we can help solve, so we'd love it if you took a moment to [try out LunaTrace](https://lunatrace.lunasec.io) and, if you like it, share it with your colleagues and friends. 
The hardest part of our mission to build better security tools is simply getting people to realize that they exist!\n\n## Contributing\nWe welcome community contributions and we've documented the requirements for contributions [here](CONTRIBUTING.md).\n\nIf you'd like to contribute ideas or feedback, you can do so by either [opening a GitHub issue](https://github.com/lunasec-io/lunasec/issues/new) or [speaking with us on Discord](https://discord.gg/2EbHdAR5w7).\n\n## See Also\n\nFor more information about LunaSec including tutorials, examples, and technical information, please visit\nour [documentation](https://www.lunasec.io/docs/).  \nFor marketing information, sales, or to get in touch, visit our website: [https://www.lunasec.io/](https://www.lunasec.io/).\n\nThe rest of this ReadMe explains how to work on LunaSec itself.  If you simply want to use LunaSec, please see the documentation.\n\n# Contributing\nPlease read our [contributor instructions](https://github.com/lunasec-io/lunasec-monorepo/blob/master/CONTRIBUTING.md)\nbefore forking and submitting a pull request.  It's short and it's very helpful if you're going to be working on LunaSec.\n\n## Feedback\nOur goal is to create a sustainable business to support LunaSec, while also building an Open Source community. If you have thoughts on how we can improve our\napproach, we would love to hear from you.\n\nPlease email us at `developer-feedback at lunasec dot io` *or* file an issue on this repository.\n\n## Release Process\nThe release process will be handled automatically by our CI/CD system.   \n\nUnder the hood, the release process is split up into four parts:\n1. Version bump\n1. Compile artifacts\n1. Publish artifacts\n1. Push version tag to repository\n\nBreaking this process up ensures that every part completes without error before moving onto the next step. 
This greatly reduces the chance that some artifacts get published and others do not, which makes debugging a release a headache.\n\nDeployment of the releases is done by GitHub Actions.\n## Version\nVersioning for releases is done by lerna.\n## Compile\nSince the monorepo has both Go and Node code, compilation happens in multiple places. For the Node SDKs, every package has its own compilation package.json script which gets run. The entrypoint which calls into each package’s script is here. For the Go code, all compilation code exists within the Makefile under the release target.\n## Publish\nFor Node artifacts, everything is handled by lerna. For Go, publishing is handled by the publish target of the Makefile. Artifacts end up in NPM, DockerHub, and GitHub.\n## Push\nThe version tag that gets pushed contains the version changes for the bumped monorepo version. Here is an example commit.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flunasec-io%2Flunasec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flunasec-io%2Flunasec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flunasec-io%2Flunasec/lists"}