{"id":13575097,"url":"https://github.com/murphysecurity/murphysec","last_synced_at":"2025-05-14T01:02:20.452Z","repository":{"id":37295434,"uuid":"470409319","full_name":"murphysecurity/murphysec","owner":"murphysecurity","description":"An open source tool focused on software supply chain security. MurphySec focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.","archived":false,"fork":false,"pushed_at":"2024-10-29T07:46:53.000Z","size":4590,"stargazers_count":1667,"open_issues_count":11,"forks_count":170,"subscribers_count":25,"default_branch":"v3","last_synced_at":"2024-10-29T15:10:33.706Z","etag":null,"topics":["codescan","dependency","sca","scanner","security","software-composition-analysis","software-supply-chain","vulnerability-detection"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/murphysecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-16T02:52:33.000Z","updated_at":"2024-10-29T09:49:12.000Z","dependencies_parsed_at":"2024-01-11T13:44:42.448Z","dependency_job_id":"646484a7-3ba9-401b-8aa7-f81ca8cf411e","html_url":"https://github.com/murphysecurity/murphysec","commit_stats":{"total_commits":1229,"total_committers":19,"mean_commits":64.6842105263158,"dds":"0.22375915378356392","last_synced_commit":"e1c94c200ccead25889d48823785a14846c7a1eb"},"previous_names":[],"tags_count":185,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murphysecurity%2Fmurphysec","tags_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/murphysecurity%2Fmurphysec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murphysecurity%2Fmurphysec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murphysecurity%2Fmurphysec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/murphysecurity","download_url":"https://codeload.github.com/murphysecurity/murphysec/tar.gz/refs/heads/v3","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248202091,"owners_count":21064263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codescan","dependency","sca","scanner","security","software-composition-analysis","software-supply-chain","vulnerability-detection"],"created_at":"2024-08-01T15:00:58.250Z","updated_at":"2025-04-10T10:47:59.212Z","avatar_url":"https://github.com/murphysecurity.png","language":"Go","readme":"\n[中文](README_ZH.md) | EN\n\n**MurphySec CLI** is used for detecting vulnerable dependencies from the command-line, and also can be integrated into your CI/CD pipeline.\n\n\u003cp\u003e\n\n  \u003ca href=\"https://www.oscs1024.com/cd/1522831757949284352\"\u003e\n    \u003cimg src=\"https://www.oscs1024.com/platform/badge/murphysecurity/murphysec.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/murphysecurity/murphysec\"\u003e\n    \u003cimg src=\"https://badgen.net/badge/Github/murphysecurity/21D789?icon=github\"\u003e\n  \u003c/a\u003e\n\n\u003cimg 
src=\"https://img.shields.io/github/go-mod/go-version/murphysecurity/murphysec.svg?style=flat-square\"\u003e\n  \u003ca href=\"https://github.com/murphysecurity/murphysec/blob/master/LICENSE\"\u003e\n    \u003cimg alt=\"GitHub\" src=\"https://img.shields.io/github/license/murphysecurity/murphysec?style=flat-square\"\u003e\n  \u003c/a\u003e\n  \u003cimg alt=\"GitHub last commit\" src=\"https://img.shields.io/github/last-commit/murphysecurity/murphysec?style=flat-square\"\u003e\n  \u003cimg alt=\"GitHub Repo stars\" src=\"https://img.shields.io/github/stars/murphysecurity/murphysec?style=social\"\u003e\n  \u003c/p\u003e\n\n## Features\n1. Analyze dependencies being used by your project, including direct and indirect dependencies\n2. Detect known vulnerabilities in project dependencies\n\n\n### Screenshots\n\n- CLI scan result\n\n  \u003cimg alt=\"cli output\" src=\"./assets/cli.png\" width=\"80%\"\u003e\n \n- scan result page\n\n  \u003cimg alt=\"scan result\" src=\"./assets/scan-result.png\" width=\"80%\"\u003e\n  \u003cimg alt=\"scan result\" src=\"./assets/scan-detail-result.png\" width=\"80%\"\u003e\n\n\n## Table of Contents\n1. [Supported languages](#supported-languages)\n2. [How it works](#how-it-works)\n3. [Working Scenarios](#working-scenarios)\n4. [Getting Started](#getting-started)\n5. [Command Introduction](#command-introduction)\n6. [Communication](#communication)\n7. [License](#license)\n\n\n## Supported languages\n\nCurrently supports Java, JavaScript, Golang. Other development languages will be gradually supported in the future.\n\nWant to learn more about language support? [check out our documentation](https://www.murphysec.com/docs/faqs/quick-start-for-beginners/programming-language-supported.html)\n\n\n## How it works\n1. MurphySec CLI obtains the dependency information of your project mainly by building the project or parsing the package manifest files.\n\n1. 
The dependency information of the project is uploaded to the server, and dependencies with security issues are identified using the vulnerability knowledge base maintained by MurphySec.\n\n![cli-flowchart](./assets/flowchart.png)\n\n\u003e Note: MurphySec CLI only sends the dependencies and basic information of your project to the server to identify dependencies with security issues, and does not upload any code snippets.\n\n\n\n## Working Scenarios\n1. To detect security issues in your code locally\n2. To detect security issues in the CI/CD pipeline\n\n[Learn how to integrate MurphySec CLI in Jenkins](https://www.murphysec.com/docs/faqs/integration/jenkins.html)\n\n\n\n## Getting Started\n\n### 1. Install MurphySec CLI\nVisit the [GitHub Releases](https://github.com/murphysecurity/murphysec/releases/latest) page to download the latest version of MurphySec CLI, or install it by running:\n\n#### Linux\n\n```\nwget -q https://s.murphysec.com/release/install.sh -O - | /bin/bash\n```\n#### OSX\n\n```\ncurl -fsSL https://s.murphysec.com/release/install.sh | /bin/bash\n```\n\n#### WINDOWS\n\n```\npowershell -Command \"iwr -useb https://s.murphysec.com/release/install.ps1 | iex\"\n```\n\n\n### 2. Get access token\n\n\u003e MurphySec CLI requires an access token from your MurphySec account for authentication to work properly. [What is an access token?](https://www.murphysec.com/docs/faqs/project-management/access-token.html) \n\nGo to [MurphySec platform - Access Token](https://www.murphysec.com/console/set/token) and click the copy button after the token to copy the access token to the clipboard.\n\n\n### 3. 
Authentication\nThere are two authentication methods available: `Interactive authentication` and `Parameter authentication`.\n\n#### Interactive authentication\nRun the `murphysec auth login` command and paste the access token.\n\n\u003e If you need to change the access token, you can repeat this command to overwrite the old one.\n\n#### Parameter Authentication\nSpecify the access token for authentication by adding the `--token` parameter.\n\n\n### 4. Detection\nTo run a detection, execute the `murphysec scan` command:\n\n```bash\nmurphysec scan [your-project-path]\n```\n\nAvailable parameters\n\n- `--token`: Specify the access token\n- `--log-level`: Specify the log level printed to the command-line output stream. No log is printed by default. Accepted values are `silent`, `error`, `warn`, `info`, `debug`\n- `--json`: Output the result in JSON format. Result details are not shown by default\n\n### 5. View results\nMurphySec CLI does not show the result details by default; you can view the results in [MurphySec platform](https://www.murphysec.com/console).\n\n\n## Command Introduction\n\n### murphysec auth\n\nMainly used for managing authentication\n\n```\nUsage:\n  murphysec auth [command]\n\nAvailable Commands:\n  login\n  logout\n```\n\n### murphysec scan\n\nMainly used to run detections\n\n```\nUsage:\n  murphysec scan DIR [flags]\n\nFlags:\n  -h, --help   help for scan\n      --json   json output\n\nGlobal Flags:\n      --log-level string      specify log level, must be silent|error|warn|info|debug\n      --no-log-file           do not write log file\n      --server string         specify server address\n      --token string          specify API token\n  -v, --version               show version and exit\n      --write-log-to string   specify log file path\n\n```\n\n## Communication\n\nContact our official WeChat account, and we'll add you to the group for communication. 
\n\n\u003cimg src=\"./assets/wechat.png\" width=\"200px\"\u003e\n\n## License\n[Apache 2.0](LICENSE)\n","funding_links":[],"categories":["Go","Software Composition Analysis"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmurphysecurity%2Fmurphysec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmurphysecurity%2Fmurphysec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmurphysecurity%2Fmurphysec/lists"}