https://github.com/nearform/gammaray
Node.js vulnerability scanner
Last synced: 14 days ago
- Host: GitHub
- URL: https://github.com/nearform/gammaray
- Owner: nearform
- License: mit
- Archived: true
- Created: 2018-02-02T16:27:46.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2020-02-06T15:50:56.000Z (about 5 years ago)
- Last Synced: 2025-03-26T17:53:33.815Z (about 1 month ago)
- Language: Go
- Homepage:
- Size: 22.9 MB
- Stars: 103
- Watchers: 7
- Forks: 5
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-repositories - nearform/gammaray - Node.js vulnerability scanner (Go)
- awesome-nodejs-security - gammaray - Runs a security audit based on your package.json using the [Node.js Security Working Group vulnerability data](https://github.com/nodejs/security-wg/). (Vulnerabilities and Security Advisories)
README
# Gamma Ray
Gammaray is a tool that helps developers look for vulnerabilities in their Node.js
applications. Its pluggable infrastructure makes it very easy to write an integration with
several vulnerability databases.

## Get It
In order to get it just run:
```console
$> go get github.com/nearform/gammaray
```
Once it is finished, you should have the `gammaray` binary in your `GOPATH/bin` folder.

## Build it
```console
$> make
```

## Usage
Gammaray comes as a single binary, so you only need to run it, passing your project as an argument:
```console
$> gammaray
```

Gammaray supports the following flags:
- `-path` - path to the directory where package.json is located
- `-image` - Docker image to scan
- `-log-level` - valid values: `panic` | `fatal` | `error` | `warn` | `info` | `debug`. The default is `info`.
- `-ignore-list` - path to a JSON file with a CVE/CWE ignore array

The sample file is shown below:
```
[
{"CVE": "CWE-400", "description": "We ignore this because it does not affect us"},
{"CVE": "CVE-2015-8851", "description": "We ignore this because it does not affect us"}
]
```

And that is all: every vulnerability that affects your packages will be displayed.
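
An ignore list suppresses findings, so it is worth checking before it is passed to `-ignore-list`. The following linter is an added example, not part of Gammaray: it reads the file format shown above and reports malformed ids, duplicates and entries without a justification. The name `LintIgnoreList`, the id pattern and the case-sensitive matching are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// IgnoreEntry mirrors one object of the sample file ("CVE" may hold a CWE id).
type IgnoreEntry struct {
	CVE         string `json:"CVE"`
	Description string `json:"description"`
}

// idPattern is an assumption of this example: CVE-YYYY-NNNN+ or CWE-N.
var idPattern = regexp.MustCompile(`^(CVE-\d{4}-\d{4,}|CWE-\d+)$`)

// LintIgnoreList (hypothetical helper) returns one finding per bad entry.
func LintIgnoreList(data []byte) ([]string, error) {
	var entries []IgnoreEntry
	if err := json.Unmarshal(data, &entries); err != nil {
		return nil, fmt.Errorf("ignore list is not a JSON array of objects: %w", err)
	}
	var findings []string
	seen := map[string]bool{}
	for i, e := range entries {
		switch {
		case !idPattern.MatchString(e.CVE):
			findings = append(findings, fmt.Sprintf("entry %d: %q is not a CVE/CWE id", i, e.CVE))
		case seen[e.CVE]:
			findings = append(findings, fmt.Sprintf("entry %d: %s is listed twice", i, e.CVE))
		case strings.TrimSpace(e.Description) == "":
			findings = append(findings, fmt.Sprintf("entry %d: %s has no justification", i, e.CVE))
		}
		seen[e.CVE] = true
	}
	return findings, nil
}

// Constructed sample: a missing description, a mistyped id and a duplicate.
const sample = `[
 {"CVE": "CWE-400", "description": "We ignore this because it does not affect us"},
 {"CVE": "CVE-2015-8851", "description": ""},
 {"CVE": "cve-2015-8851", "description": "typo in the id"},
 {"CVE": "CWE-400", "description": "second entry for the same id"}
]`

func main() {
	fmt.Println(LintIgnoreList([]byte(sample)))
}
```

Running a check like this in CI keeps every suppression reviewable and catches an entry whose id is mistyped.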
## Contributing
### As a developer
Clone the repository, then start hacking. PRs are welcome!
```console
$> mkdir -p $GOPATH/src/github.com/nearform/
$> cd $GOPATH/src/github.com/nearform/
$> git clone https://github.com/nearform/gammaray.git
$> cd gammaray
$> make dev-install
```

### As a security provider
You want to be integrated? Contact me [here](https://www.linkedin.com/in/david-gonzalez-microservices/)