https://github.com/retirejs/retire-site-scanner
- Host: GitHub
- URL: https://github.com/retirejs/retire-site-scanner
- Owner: RetireJS
- License: apache-2.0
- Created: 2024-02-15T20:12:11.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-26T06:36:42.000Z (over 1 year ago)
- Last Synced: 2025-03-18T18:56:06.989Z (about 1 year ago)
- Language: TypeScript
- Size: 195 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# retire-site-scanner
Scans a URL and looks for JavaScript libraries with known vulnerabilities using retire.js. Can also produce a partial SBOM for the site.
## Install with npm
```
npm install -g retire-site-scanner
```
Run:
```
retire-site-scanner [-v] [--sbom] <url>
```
## Run using docker
```
docker run --rm ghcr.io/retirejs/retire-site-scanner:latest [-v] [--sbom] <url>
```
## Install from source
```
git clone git@github.com:RetireJS/retire-site-scanner.git
cd retire-site-scanner
npm install
```
### Run directly from source
```
npm run start -- [-v] [--sbom] <url>
```
### Run using Docker
**Build container**
```
git clone git@github.com:RetireJS/retire-site-scanner.git
cd retire-site-scanner
docker build -t retire-site-scanner .
```
**Scanning**
```
docker run --rm retire-site-scanner [-v] [--sbom] <url>
```
## SBOM support
`retire-site-scanner` can generate a partial SBOM in the CycloneDX v1.4 format. It should not be treated as a complete SBOM for the website, because the scanner cannot necessarily detect every technology in use, but it can be used as a partial SBOM listing libraries and services.
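
One way to consume such a partial SBOM downstream, as an added example that is not code from the retire-site-scanner project: it joins CycloneDX v1.4 `vulnerabilities` to `components` through `bom-ref` and flags findings that point at no listed component. The sample document is constructed from the CycloneDX v1.4 schema; which of these fields the scanner actually populates is an assumption.

```javascript
// Constructed CycloneDX v1.4 document; all names, versions and ids are sample values.
const sampleBom = {
  bomFormat: "CycloneDX",
  specVersion: "1.4",
  components: [
    { "bom-ref": "lib-1", type: "library", name: "example-lib", version: "1.2.3" },
    { "bom-ref": "lib-2", type: "library", name: "other-lib" }, // version is optional in 1.4
  ],
  services: [{ "bom-ref": "svc-1", name: "cdn.example.com" }],
  vulnerabilities: [
    { id: "EXAMPLE-0001", ratings: [{ severity: "medium" }], affects: [{ ref: "lib-1" }] },
    { id: "EXAMPLE-0002", affects: [{ ref: "lib-missing" }] }, // points at no listed component
  ],
};

// Join vulnerabilities to components via bom-ref and report what the SBOM lists.
function summarizeBom(bom) {
  if (bom.bomFormat !== "CycloneDX" || bom.specVersion !== "1.4") {
    throw new Error("expected a CycloneDX v1.4 document");
  }
  const findings = new Map(); // bom-ref -> [{ id, severity }]
  for (const vuln of bom.vulnerabilities ?? []) {
    const severity = (vuln.ratings ?? []).map((r) => r.severity).find(Boolean) ?? "unknown";
    for (const target of vuln.affects ?? []) {
      if (!findings.has(target.ref)) findings.set(target.ref, []);
      findings.get(target.ref).push({ id: vuln.id, severity });
    }
  }
  const listed = bom.components ?? [];
  const components = listed.map((c) => ({
    name: c.name,
    version: c.version ?? "unknown",
    vulnerabilities: findings.get(c["bom-ref"]) ?? [],
  }));
  const knownRefs = new Set(listed.map((c) => c["bom-ref"]));
  return {
    components,
    services: (bom.services ?? []).map((s) => s.name),
    vulnerable: components.filter((c) => c.vulnerabilities.length > 0),
    // Findings whose target is not in the component list; review these by hand.
    orphaned: [...findings.keys()].filter((ref) => !knownRefs.has(ref)),
  };
}

console.log(JSON.stringify(summarizeBom(sampleBom), null, 2));
```

An empty `vulnerable` list only means nothing was flagged among the detected components, since the SBOM is partial.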