{"id":13792881,"url":"https://github.com/robocoder/rips-scanner","last_synced_at":"2025-04-06T22:06:52.868Z","repository":{"id":9483141,"uuid":"11371314","full_name":"robocoder/rips-scanner","owner":"robocoder","description":"RIPS - A static source code analyser for vulnerabilities in PHP scripts","archived":false,"fork":false,"pushed_at":"2022-01-03T18:44:38.000Z","size":10435,"stargazers_count":315,"open_issues_count":1,"forks_count":73,"subscribers_count":21,"default_branch":"community","last_synced_at":"2025-03-30T19:11:12.103Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://rips-scanner.sourceforge.net/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robocoder.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-07-12T15:03:52.000Z","updated_at":"2025-03-25T09:42:25.000Z","dependencies_parsed_at":"2022-08-31T12:41:19.394Z","dependency_job_id":null,"html_url":"https://github.com/robocoder/rips-scanner","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robocoder%2Frips-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robocoder%2Frips-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robocoder%2Frips-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robocoder%2Frips-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robocoder","download_url":"https://codeload.github.com/robocoder/rips-scanner/tar.gz/refs/heads/community","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247557767,"owners_count":20958047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T22:01:17.303Z","updated_at":"2025-04-06T22:06:52.848Z","avatar_url":"https://github.com/robocoder.png","language":"PHP","readme":"# RIPS\nA static source code analyser for vulnerabilities in PHP scripts\n\n## Requirements\n* web server: Apache or Nginx recommended\n* PHP: latest version recommended\n* browser: Firefox recommended\n\n## Installation\n1. Download the latest release\n2. Extract the files to your local web server's document root\n3. Make sure your web server has file permissions\n4. Make sure your installation is protected from unauthorized access\n5. Open your browser at http://localhost/rips-xx/\n\n## Usage\nFollow the instructions on the main page.\n\n## Command Line Interface - CLI\n\n#### Usage\n\nSee original php-rips scan html form (index.php) for more options.\n\n```\n  php index.php [option=value]\n```\n\n| Options | Value |\n| --- | --- |\n| loc | target scan file/folder \u003cpath\u003e |\n| subdir | recurse subdirs \\[0\\|1] |\n| ignore_warning | \\[0\\|1] |\n| vector | scan vectors \\[all\\|...] |\n| verbosity | log verbosity \\[0-9] |\n| treestyle | html output style \\[0\\|1] |\n| stylesheet | html output stylesheet \\[ayti\\|...] |\n\nExample: recursively scan ./code for all vuln. classes\n```\n  php index.php loc=./code subdirs=1 vector=all verbosity=2\n```\n\nNote: in cli-mode argv wil be parsed into `$_POST` therefore allowing you to set any POST variables.\n\n#### Jenkins-CI Integration Notes\n\n1. install the [html publisher plugin](https://wiki.jenkins-ci.org/display/JENKINS/HTML+Publisher+Plugin)\n2. configure (multiple) scm to clone both this repository and the source you want to scan to distinct folders\n3. add build step: execute shell\n\n\t```bash\n\t# config - remove this if you configure it via jenkins parameterized builds\n\tPATH_RIPS=rips-scanner\n\tPATH_REPORT=report\n\tFILE_REPORT=report.html\n\tPATH_TARGET=code\n\tRIPS_RECURSE_SUBDIR=1\n\tRIPS_VECTOR=all\n\tRIPS_VERBOSITY=2\n\t# copy dependencies\n\tmkdir -p report\n\tcp -r rips-scanner/css report\n\tcp -r rips-scanner/js report\n\t# run analysis\n\techo \"=========================================================\"\n\techo \"[**] running scan ... $PATH_TARGET\"\n\techo \"=========================================================\"\n\tphp $PATH_RIPS/index.php ignore_warning=1 loc=$PATH_TARGET subdirs=$RIPS_RECURSE_SUBDIR vector=$RIPS_VECTOR verbosity=$RIPS_VERBOSITY treestyle=1 stylesheet=ayti \u003e $PATH_REPORT/$FILE_REPORT\n\techo \"=========================================================\"\n\techo \"[**] scan done ... check out $PATH_REPORT/$FILE_REPORT\"\n\techo \"=========================================================\"\n\t```\n\n4. add build step: execute python\n\n\t```python\n\timport os, sys\n\timport rips_stats as rips\n\tif __name__==\"__main__\":\n\t    report = os.path.join(os.environ.get(\"PATH_REPORT\",\"report\"),os.environ.get(\"FILE_REPORT\",\"report.html\"))\n\t    sys.exit(rips.main([report]))\n\t```\n\n5. add post-build step: publish html, select folder 'report' name 'vulnerability-report'. A new clickable action icon 'vulnerability-report' will appear that points at the archived scan result.\n\n## Development\nThe `community` branch of RIPS is forked from version 0.55 and is not officially supported by RIPS Technologies.\n\nA completely rebuilt solution is available from RIPS Technologies that overcomes fundamental limitations in the open source version and performs state-of-the-art security analysis.\n\n| Compared Feature | RIPS 0.5 | Next Generation |\n| --- | --- | --- |\n| Supported PHP Language | PHP 3-4, no OOP | all, PHP 3-7 |\n| Static Code Analysis | Only Token-based | Full |\n| Analysis Precision | Low | Very High |\n| PHP Version Specific Analysis | No | Yes |\n| Scales to Large Codesizes | No | Yes |\n| API / CLI Support | No | Yes |\n| Continuous Integration | No | Yes |\n| Compliance / Standards | No | Yes |\n| Store Analysis Results | No | Yes |\n| Export Analysis Results | No | Yes |\n| Issue Review System | No | Yes |\n| Realtime Results | No | Yes |\n| Vulnerability Trends | No | Yes |\n| Detects Latest Risks | No | Yes |\n| Detects Complex Vulnerabilities | Limited | Yes |\n| Supported Issue Types | 15 | \u003e140 |\n| Speed | Fast | Fast |\n\nLearn more about the next generation of RIPS at https://www.ripstech.com/product/datasheets/.\n","funding_links":[],"categories":["PHP","Инструменты"],"sub_categories":["Статические анализаторы приложений (SAST)"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobocoder%2Frips-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobocoder%2Frips-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobocoder%2Frips-scanner/lists"}