https://github.com/viiku/vulnerability-scanner

Case Study: Vulnerability Scanner scans npm, Maven and PyPI packages and reports vulnerability information about them.

docker event-driven java21 kafka maven redis

Last synced: about 2 months ago

# Vulnerability Scanner

## Overview

**Vulnerability Scanner** is an open-source tool designed to help developers and DevOps teams identify security vulnerabilities in software packages before they become a risk in production. It provides a simple, user-friendly interface and a RESTful API for scanning packages, viewing vulnerability reports, and tracking scan history.

This tool supports scanning for vulnerabilities in popular package managers (such as npm) and can be extended to support others. It is built with a modern React frontend and a robust Spring Boot backend.

---

## Features

- **Quick Package Scan:** Instantly check any package for known vulnerabilities.
- **Bulk Scan:** Scan multiple packages at once.
- **Vulnerability Reports:** View detailed reports including severity, CVE references, and remediation advice.
- **Scan History:** Track when packages were last scanned and view historical trends.
- **REST API:** Integrate vulnerability checks into your CI/CD pipelines.
- **Swagger Documentation:** Interactive API docs for easy exploration.

---

## Getting Started

### Prerequisites

- Java 17+ (backend)
- Node.js 18+ (frontend)
- Docker (optional, for containerized deployment)

### Local Development

1. **Backend**
   ```sh
   ./mvnw spring-boot:run
   ```
2. **Frontend**
   ```sh
   cd ui
   npm install
   npm run dev
   ```
3. **Access the UI:**
   Open [http://localhost:5173](http://localhost:5173)

4. **API Documentation:**
   Open [http://localhost:8080/swagger-ui/index.html](http://localhost:8080/swagger-ui/index.html)

---

## API Endpoints

| Method | Endpoint | Description |
|--------|----------------------------------------------------|------------------------------------|
| GET | `/api/packages/{packageName}` | Get package info |
| GET | `/api/packages/{packageName}/vulnerabilities` | Get cached vulnerabilities |
| POST | `/api/packages/{packageName}/scan` | Perform fresh vulnerability scan |
| POST | `/api/packages/bulk-scan` | Bulk scan multiple packages |
| GET | `/api/packages/{packageName}/scan-status` | Get last scan status |

See [Swagger UI](http://localhost:8080/swagger-ui/index.html) for full details.
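
One way to wire the endpoints above into a CI job, as an added example rather than code from this project: it requests a fresh scan, reads the vulnerability list and exits non-zero when a finding meets the threshold. The response shape (a JSON array of objects with `severity` and `cve` fields), the severity labels, and a scan `POST` that returns only once the scan has finished are assumptions; check them against the Swagger UI.

```python
"""CI gate for the scanner's REST API (added example, not project code)."""
import json
import sys
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8080"  # backend address used in the README
# Assumed severity labels; the README does not list the values it returns.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# Constructed sample response (assumed field names), used when no package is given.
SAMPLE = [{"severity": "low", "cve": "CVE-0000-0001"},
          {"severity": "CRITICAL", "cve": "CVE-0000-0002"},
          {"cve": "CVE-0000-0003"}]


def endpoint(package, action=""):
    """Build /api/packages/{packageName}[/action] with the name percent-encoded,
    so '@' and '/' in a scoped npm name stay inside one path segment."""
    url = BASE_URL + "/api/packages/" + urllib.parse.quote(package, safe="")
    return url + "/" + action if action else url


def blocking(findings, threshold="HIGH"):
    """Findings at or above threshold; a missing or unrecognised severity
    counts as blocking, so the gate fails closed."""
    floor = SEVERITY_RANK[threshold]
    ranked = ((f, SEVERITY_RANK.get(str(f.get("severity")).upper())) for f in findings)
    return [f for f, rank in ranked if rank is None or rank >= floor]


def fetch(package, timeout=30):
    """POST a fresh scan, then GET the package's vulnerability list.
    Assumes the GET body is a JSON array of objects. HTTP and network
    errors raise, which also fails the CI job."""
    scan = urllib.request.Request(endpoint(package, "scan"), method="POST")
    urllib.request.urlopen(scan, timeout=timeout).close()
    with urllib.request.urlopen(endpoint(package, "vulnerabilities"), timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    names = sys.argv[1:]
    results = {n: fetch(n) for n in names} if names else {"(sample)": SAMPLE}
    hits = [(n, f) for n, fs in results.items() for f in blocking(fs)]
    for name, f in hits:
        print(f"{name}: {f.get('severity', 'UNKNOWN')} {f.get('cve', '?')}")
    sys.exit(1 if hits else 0)
```

The README does not say how the server handles an encoded `/` in `{packageName}`, so try a scoped npm name against your deployment before relying on it.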

---

## Docker Deployment

Run this application with Docker Compose:

```sh
git clone git@github.com:viiku/vulnerability-scanner.git
cd vulnerability-scanner
docker-compose up
```

---

## Contributing

Contributions are welcome! Please open issues or submit pull requests for improvements, bug fixes, or new features.

---