https://github.com/tcosolutions/betterscan
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
code-quality code-quality-analyzer compliance devops devops-tools devsecops gdpr owasp sast security-audit security-automation security-orchestration security-scanner security-tools sonarqube static-analysis static-analyzers static-code-analysis vulnerability vulnerability-scanner
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/tcosolutions/betterscan
- Owner: tcosolutions
- License: agpl-3.0
- Created: 2022-01-31T14:28:29.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-07-16T13:39:49.000Z (9 months ago)
- Last Synced: 2024-07-16T18:04:20.138Z (9 months ago)
- Topics: code-quality, code-quality-analyzer, compliance, devops, devops-tools, devsecops, gdpr, owasp, sast, security-audit, security-automation, security-orchestration, security-scanner, security-tools, sonarqube, static-analysis, static-analyzers, static-code-analysis, vulnerability, vulnerability-scanner
- Language: Python
- Homepage: https://betterscan.io
- Size: 12.1 MB
- Stars: 764
- Watchers: 18
- Forks: 89
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-hacking-lists - tcosolutions/betterscan - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan (Python)
- awesome-repositories - tcosolutions/betterscan - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan (Python)
- awesome-security - Scanmycode CE (Community Edition) - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks) (Web / Scanning / Pentesting)
README
# Open DevSecOps Orchestration Toolchain
## License
Released under [AGPL-3.0](/LICENSE) by [@tcosolutions](https://github.com/tcosolutions).
Scan your source code and infra IaC against top **security** risks
## Overview
**Betterscan** is a state-of-the-art orchestration toolchain designed to scan your source code and Infrastructure as Code (IaC) for **security** and **compliance** risks.
## Open and Developer friendly DevSecOps toolchain
Betterscan uses many tools for code, cloud and secrets. All the best tools, researched, set up, run together, with unified and de-duplicated results, **so you don't have to do it**. We added our own checkers as well. Continuous security. Fit for purpose and results.
## License Information
## Debian Base Image
The Docker images include software from the Debian GNU/Linux distribution. Debian is made available under various open-source licenses. See below for details:
The full text of the licenses for software included in Debian can be found in /usr/share/common-licenses/ within the Debian system.
## Additional Software Licenses
The Docker images include software licensed under various licenses. The full license texts can be found in the image at `/srv/betterscan/LICENSE`.
If you want to scan your code and infrastructure (including secrets, SBOMs, and dependencies), follow the setup below.
The setup below is for Linux (Ubuntu); you can also run it on macOS/Docker and Windows via WSL/Docker.
# Quickstart
## **2 options** are available:
### 1. Binary runtime
The scripts use the checkmate CLI binary (Python based).
Below are checkmate's current parameters:
Explanation of parameters:
- `--backend`: Specifies the backend type. Choices: "sql" (default), "sqlite". Example: `--backend sql`
- `--backend-opts`: Provides backend-specific options, such as the connection string for an SQL database or the file path for SQLite. Example for SQL: `--backend-opts "postgresql://user:password@localhost/mydatabase"`. Example for SQLite: `--backend-opts "sqlite:///path/to/database.db"`. If not set with the SQLite backend, an in-memory store is used.
- `--path`: Specifies the path in which to create the new project. Defaults to the current working directory if not specified. Example: `--path "/path/to/project"`
- `--pk`: Sets the primary key for the project. If not provided, a UUID is generated. Example: `--pk "my_custom_primary_key"`

Example usage. To create a project with a SQL backend and a specific connection string:
```
checkmate --backend sql --backend-opts "postgresql://user:password@localhost/mydatabase" --path "/path/to/project" --pk "custom_pk"
```
#### CLI output
Run in command prompt in your Git repository folder:
`sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli.sh)`
#### HTML, JSON, SARIF output
The results will be written to the current directory as "report.html", "report.json" and "report.sarif".
Run in command prompt in your Git repository folder:
`sh <(curl https://raw.githubusercontent.com/tcosolutions/betterscan/main/cli-html.sh)`
### 2. Platform with web interface and workers (DEPRECATED due to outdated dependencies)
#### Docker
If you need CI/CD and the web interface, you also need Docker Compose installed, if you don't already have it.
Run in command prompt:
```
git clone git@github.com:tcosolutions/betterscan.git
cd betterscan/dockerhub
docker compose up
```
#### Kubernetes / Minikube
Installable via Helm chart (the Helm chart for the Betterscan.io DevSecOps toolchain platform).
Please install it under the release name `betterscan`:
```
helm repo add betterscan-repo https://marcinguy.github.io/betterscan-chart
helm repo update
helm install betterscan betterscan-repo/betterscan
```
Open up the browser at:
`http://localhost:5000`
Sign up locally (and log in when needed).
That's it.
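The CLI run under "HTML, JSON, SARIF output" leaves a `report.sarif` next to your repository. SARIF is a standard JSON format, so a CI job can read it and fail the build when findings reach a chosen severity. The script below is an added example, not part of the Betterscan project or the checkmate CLI: it parses SARIF 2.1.0 `runs[].results[]` entries, counts them per level, lists the ones at or above a threshold, and returns a CI exit code. The embedded `SAMPLE_SARIF` document, its rule IDs (`EXAMPLE-...`), paths and messages are constructed for the example and do not come from a real scan.

```python
import argparse
import json
import sys
from collections import Counter

# Constructed SARIF 2.1.0 document standing in for a report.sarif written by the
# cli-html.sh run. Every rule ID, path, line number and message here is made up
# for this example; nothing is taken from a real Betterscan scan.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-SQLI", "level": "error",
             "message": {"text": "possible SQL injection"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "EXAMPLE-UNUSED", "level": "warning",
             "message": {"text": "unused variable"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 7}}}]},
            # No "level" key (SARIF then defaults to "warning") and no location.
            {"ruleId": "EXAMPLE-NOLEVEL",
             "message": {"text": "finding without level or location"}},
        ],
    }],
}

# SARIF result levels, ordered from least to most severe.
SEVERITY_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}


def iter_findings(sarif):
    """Yield (rule_id, uri, start_line, message, level) for every result in every run."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", "warning")  # SARIF default when absent
            uri, line = "<no location>", None
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine", line)
                break  # the first location is enough for a summary line
            yield (result.get("ruleId", "<no rule>"), uri, line,
                   result.get("message", {}).get("text", ""), level)


def summarize(sarif):
    """Count results per SARIF level, e.g. {'error': 1, 'warning': 2}."""
    return dict(Counter(level for *_, level in iter_findings(sarif)))


def findings_at_or_above(sarif, threshold):
    """Return findings whose level is at least `threshold`, most severe first."""
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown SARIF level {threshold!r}")
    selected = [f for f in iter_findings(sarif)
                if SEVERITY_ORDER[f[4]] >= SEVERITY_ORDER[threshold]]
    return sorted(selected, key=lambda f: -SEVERITY_ORDER[f[4]])


def gate(sarif, fail_on="error"):
    """CI exit code: 1 if any finding reaches the fail_on level, else 0."""
    return 1 if findings_at_or_above(sarif, fail_on) else 0


def main(argv=None):
    parser = argparse.ArgumentParser(description="Gate a CI job on a SARIF report")
    parser.add_argument("report", nargs="?", default="report.sarif")
    parser.add_argument("--fail-on", default="error", choices=sorted(SEVERITY_ORDER))
    args = parser.parse_args(argv)
    with open(args.report, encoding="utf-8") as fh:
        sarif = json.load(fh)
    print("results per level:", summarize(sarif))
    for rule, uri, line, msg, level in findings_at_or_above(sarif, args.fail_on):
        print(f"{level.upper():7} {rule} {uri}:{line} {msg}")
    return gate(sarif, args.fail_on)


if __name__ == "__main__":
    sys.exit(main())
```

Run it after the scan as `python sarif_gate.py report.sarif --fail-on warning` to block merges on warnings as well as errors; the default threshold of `error` is the usual starting point so that a freshly adopted scanner does not fail every build on day one. Results that omit `level` are treated as `warning`, which is what the SARIF specification prescribes, so they are not silently dropped by the gate.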