njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
LGPL-3.0 License
Bot releases are hidden (Show)
What's Changed
- Update timing_attack_node.yaml by @sebasrevuelta in https://github.com/ajinabraham/njsscan/pull/113
- bump version + lint qa by @ajinabraham in https://github.com/ajinabraham/njsscan/pull/117
- Update nosql_find_injection.yaml to exclude sequelize's .findOne() false positives by @bleow in https://github.com/ajinabraham/njsscan/pull/115
New Contributors
- @sebasrevuelta made their first contribution in https://github.com/ajinabraham/njsscan/pull/113
- @bleow made their first contribution in https://github.com/ajinabraham/njsscan/pull/115
Full Changelog: https://github.com/ajinabraham/njsscan/compare/0.3.6...0.3.7
Published by ajinabraham about 1 year ago
- Huge Performance Improvement from libsast bump
Published by ajinabraham about 1 year ago
Bump semgrep + libsast
Published by ajinabraham about 2 years ago
- Code QA
- SARIF to display CWE on Github Advanced Security dashboard
Published by ajinabraham about 2 years ago
- libasat update
- Fixes #68
Published by ajinabraham over 2 years ago
- libasat and semgrep update including bug fixes
- support M1 Mac ARM
- drop support for Python 3.6
- test fixes
Published by ajinabraham over 2 years ago
- Major libsast upgrade
- Standard mapping support from libsast
- Publish latest docker images from master and release
Published by ajinabraham over 2 years ago
- Performance Improvements
- Major semgrep upgrade
- SQLi rule bug fix
- Rules QA
Published by ajinabraham about 3 years ago
- Support ES6 syntax for NoSQL find injection rule (@CharlyJazz)
- Added Severity Filter (@ansidorov)
- Remove Duplicated Rule
- Refactor Tests
Published by ajinabraham over 3 years ago
- Support
njsscan-ignorefor templates - deprecate
ignore:
Published by ajinabraham over 3 years ago
- semgrep update
- CWE Typo Fix
- libsast pattern matcher to support ignore findings.
Published by ajinabraham over 3 years ago
- Rules QA
- License Change: LGPL2.1 -> LGPL3.0+
- Semgrep bump
Published by ajinabraham over 3 years ago
- Bump Semgrep version to 0.47
- Rule QA
- Support HTML output format
Published by ajinabraham over 3 years ago
- Bump Semgrep version to 0.45
- Update Max Scan file size from 25 to 5 MB.
- Added New Sequelize Rules from Semgrep, contributed by @0xdbe
sequelize_tls
sequelize_tls_cert_validation
sequelize_weak_tls
Published by ajinabraham over 3 years ago
- Removing a leading statement ellipsis trims time on a test corpus from
32.7 to 24.2 seconds. - Bump libsast, skip files > 25MB for pattern matcher and choice matcher.
Published by ajinabraham over 3 years ago
- New Rule Express hbs Local File Read
- Rule QA
- New config
--configto support .njsscan file from a custom location - Replaced expires rule and maxAge rule
Published by ajinabraham almost 4 years ago
Semgrep version update
Published by ajinabraham almost 4 years ago
- libsast pinned to a particular version
Published by ajinabraham almost 4 years ago
- Semgrep version bump
- New Rules - Knex SQLI, AES no IV
- Tabular CL output
- Rule QA
Published by ajinabraham almost 4 years ago
- Added SARIF Support
- Semgrep version bump
- Rule QA
