https://github.com/nearform/gammaray

Node.js vulnerability scanner
https://github.com/nearform/gammaray

Last synced: about 1 month ago
JSON representation

Node.js vulnerability scanner

• Host: GitHub
• URL: https://github.com/nearform/gammaray
• Owner: nearform
• License: mit
• Archived: true
• Created: 2018-02-02T16:27:46.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2020-02-06T15:50:56.000Z (over 5 years ago)
• Last Synced: 2025-03-26T17:53:33.815Z (2 months ago)
• Language: Go
• Homepage:
• Size: 22.9 MB
• Stars: 103
• Watchers: 7
• Forks: 5
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-repositories - nearform/gammaray - Node.js vulnerability scanner (Go)
• awesome-nodejs-security - gammaray - Runs a security audit based on your package.json using the [Node.js Security Working Group vulnerability data](https://github.com/nodejs/security-wg/). (Vulnerabilities and Security Advisories)
• awesome-nodejs-security - gammaray - Runs a security audit based on your package.json using the [Node.js Security Working Group vulnerability data](https://github.com/nodejs/security-wg/). (Vulnerabilities and Security Advisories)

README

        
# Gamma Ray

[![Go Report Card](https://goreportcard.com/badge/github.com/nearform/gammaray)](https://goreportcard.com/report/github.com/nearform/gammaray)

![Travis](https://travis-ci.org/nearform/gammaray.svg?branch=master)

[![Coverage Status](https://coveralls.io/repos/github/nearform/gammaray/badge.svg?branch=master)](https://coveralls.io/github/nearform/gammaray?branch=master)

Gammaray is a software that helps developers to look for vulnerabilities on their Node.js

applications. Its pluggable infrastructure makes very easy to write an integration with

several vulnerabilities databases.

## Get It

In order to get it just run:

```console

$> go get github.com/nearform/gammaray

```

Once it is finished, you should have the `gammaray` binary in your `GOPATH/bin` folder.

## Build it

```console

$> make

```

## Usage

Gammaray comes as a single binary so you only need to run it passing your project as argument:

```console

$> gammaray 

```

Gammaray supports the following flags:

`-path` - path to directory where package.json is located

`-image` - docker image to scan

`-log-level` - valid values: `panic` | `fatal` | `error` | `warn` | `info` | `debug`. The default is `info`.

`-ignore-list` - path to JSON file with CVE/CWE ignore array

The sample file is shown below:

```

[

  {"CVE": "CWE-400", "description": "We ignore this because it does not affect us"},

  {"CVE": "CVE-2015-8851", "description": "We ignore this because it does not affect us"}

]

```

And that is all, all the vulnerabilities that affect your packages will be displayed.

## Contributing

### As a developer

Clone the repository, then start hacking, PRs are welcome !

```console

$> mkdir -p $GOPATH/src/github.com/nearform/

$> cd $GOPATH/src/github.com/nearform/

$> git clone https://github.com/nearform/gammaray.git

$> cd gammaray

$> make dev-install

```

### As security provider

You want to be integrated? Contact me [here](https://www.linkedin.com/in/david-gonzalez-microservices/)