
Kali-ai007/SecureFlow


🔒 SecureFlow - DevSecOps Security Scanner

Automated multi-scanner vulnerability detection for CI/CD pipelines with web dashboard



🎯 Overview

SecureFlow is a DevSecOps scanning orchestrator that wraps three industry-standard tools behind one interface. It runs static analysis on source code, checks third-party dependencies for known vulnerabilities, and searches git history for committed secrets, then presents the merged findings through a color-coded CLI and an interactive web dashboard.

🌟 Why SecureFlow?

Each scanner on its own covers a single class of weakness. SecureFlow runs all three against the same target and merges their output into one report:

Your Code → SecureFlow → Semgrep (Code Analysis)
                      → Trivy (Dependencies)
                      → TruffleHog (Secrets)
                      → Unified Report + Dashboard

🚀 Features

Core Scanning

  • 🔍 SAST - Semgrep static code analysis
  • 📦 SCA - Trivy dependency vulnerability scanning
  • 🔑 Secret Detection - TruffleHog git history scanning
  • 📊 Unified Reporting - Aggregated results from all scanners
  • 💾 JSON Export - Machine-readable results for CI/CD
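The unified report is the interesting part of the orchestration: three tools, three different JSON layouts, one severity scale. The block below is an added example, not SecureFlow's own `aggregator/result_aggregator.py`; it shows one way to normalise raw Semgrep, Trivy and TruffleHog JSON into a single finding schema, produce the by-severity and by-scanner counts the report prints, and turn those counts into a CI pass/fail decision. The severity mapping (Semgrep ERROR to CRITICAL, TruffleHog verified to CRITICAL, unverified to HIGH) and the function names are this example's assumptions; the sample scanner output is constructed inline and uses placeholder rule and vulnerability IDs.

```python
from __future__ import annotations

import json
from collections import Counter
from typing import Iterable

# Severity normalisation. These mappings are this example's assumptions;
# SecureFlow's own aggregator may rank findings differently.
SEMGREP_SEVERITY = {"ERROR": "CRITICAL", "WARNING": "MEDIUM", "INFO": "LOW"}
TRIVY_SEVERITY = {"CRITICAL": "CRITICAL", "HIGH": "HIGH", "MEDIUM": "MEDIUM",
                  "LOW": "LOW", "UNKNOWN": "LOW"}
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]


def normalize_semgrep(report: dict) -> list[dict]:
    """Flatten `semgrep --json` output (results[].extra.severity) into the unified schema."""
    findings = []
    for r in report.get("results", []):
        findings.append({
            "scanner": "semgrep",
            "severity": SEMGREP_SEVERITY.get(r["extra"].get("severity", "INFO"), "LOW"),
            "title": r["check_id"],
            "location": f"{r['path']}:{r['start']['line']}",
        })
    return findings


def normalize_trivy(report: dict) -> list[dict]:
    """Flatten `trivy fs --format json` output (Results[].Vulnerabilities[])."""
    findings = []
    for target in report.get("Results", []):
        for v in target.get("Vulnerabilities") or []:  # key is absent when a target is clean
            findings.append({
                "scanner": "trivy",
                "severity": TRIVY_SEVERITY.get(v.get("Severity", "UNKNOWN"), "LOW"),
                "title": f"{v['VulnerabilityID']} in {v['PkgName']} {v['InstalledVersion']}",
                "location": target.get("Target", ""),
            })
    return findings


def normalize_trufflehog(json_lines: Iterable[str]) -> list[dict]:
    """Flatten `trufflehog git --json` output, which is one JSON object per line."""
    findings = []
    for line in json_lines:
        line = line.strip()
        if not line:
            continue
        f = json.loads(line)
        git = f.get("SourceMetadata", {}).get("Data", {}).get("Git", {})
        findings.append({
            "scanner": "trufflehog",
            # A verified secret was confirmed live against the provider; an
            # unverified one may already be revoked or be a false positive.
            "severity": "CRITICAL" if f.get("Verified") else "HIGH",
            "title": f"{f.get('DetectorName', 'unknown')} credential",
            "location": f"{git.get('file', '?')}@{git.get('commit', '?')[:8]}",
        })
    return findings


def summarize(findings: list[dict]) -> dict:
    """Counts by severity and by scanner, as the unified report prints them."""
    by_sev = Counter(f["severity"] for f in findings)
    by_scanner = Counter(f["scanner"] for f in findings)
    return {
        "total": len(findings),
        "by_severity": {s: by_sev.get(s, 0) for s in SEVERITY_ORDER},
        "by_scanner": dict(by_scanner),
    }


def should_fail_build(summary: dict, fail_on: str = "HIGH") -> bool:
    """CI gate: True if any finding is at or above `fail_on` (CRITICAL > HIGH > MEDIUM > LOW)."""
    cutoff = SEVERITY_ORDER.index(fail_on)
    return any(summary["by_severity"][s] > 0 for s in SEVERITY_ORDER[: cutoff + 1])


# --- Constructed sample scanner output: shapes follow each tool's JSON, values are made up ---
SEMGREP_SAMPLE = {"results": [
    {"check_id": "example.rules.sql-injection",   # placeholder rule id
     "path": "app.py", "start": {"line": 12}, "extra": {"severity": "ERROR"}},
    {"check_id": "example.rules.weak-crypto",
     "path": "auth.py", "start": {"line": 40}, "extra": {"severity": "WARNING"}},
]}
TRIVY_SAMPLE = {"Results": [
    {"Target": "requirements.txt", "Vulnerabilities": [
        {"VulnerabilityID": "EXAMPLE-0001",       # placeholder, not a real CVE
         "PkgName": "examplepkg", "InstalledVersion": "1.0.0", "Severity": "HIGH"}]},
    {"Target": "Dockerfile"},                     # clean target: no Vulnerabilities key
]}
TRUFFLEHOG_SAMPLE = [
    json.dumps({"DetectorName": "Stripe", "Verified": True, "Redacted": "sk_live_***",
                "SourceMetadata": {"Data": {"Git": {"file": "config.py",
                                                   "commit": "0123456789abcdef"}}}}),
    "",
]


def run_sample() -> dict:
    findings = (normalize_semgrep(SEMGREP_SAMPLE)
                + normalize_trivy(TRIVY_SAMPLE)
                + normalize_trufflehog(TRUFFLEHOG_SAMPLE))
    return summarize(findings)


if __name__ == "__main__":
    s = run_sample()
    print(json.dumps(s, indent=2))
    print("fail build:", should_fail_build(s))
```

The gate is the piece most pipelines forget: a scanner step that always exits 0 produces a report nobody reads. Whatever threshold you pick, make the orchestrator's exit status reflect it so the CI job goes red.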

Web Dashboard

  • 🌐 Interactive Dashboard - Beautiful web interface
  • 📈 Visual Charts - Severity and scanner breakdown
  • 🎨 Modern UI - Clean, responsive design
  • 📋 Detailed Reports - Vulnerability details view

CLI Interface

  • 🎨 Colored Output - Color-coded severity indicators
  • 📂 Smart Categorization - By type and severity
  • 🔧 Flexible Options - Run individual or all scanners

📊 Detection Capabilities

Category                 Tool                    Severity
Code Injection           Semgrep                 🔴 Critical
SQL Injection            Semgrep                 🔴 Critical
Command Injection        Semgrep                 🔴 Critical
XSS                      Semgrep                 🔴 Critical
Hardcoded Secrets        Semgrep + TruffleHog    🔴 Critical
Path Traversal           Semgrep                 🟠 High
Vulnerable Dependencies  Trivy                   🟠 High
Weak Cryptography        Semgrep                 🟡 Medium
Security Misconfig       Semgrep                 🟡 Medium
Template Injection       Semgrep                 🔴 Critical

🚀 Quick Start

Installation

# Clone the repository
git clone https://github.com/kksr1994/SecureFlow.git
cd SecureFlow

# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install Python dependencies (Semgrep is on PyPI; Trivy and TruffleHog are
# standalone binaries that pip does not install, so put them on PATH separately)
pip install -r requirements.txt

# Verify that semgrep, trivy and trufflehog are all reachable
python3 cli/main.py check

CLI Usage

# Check tools
python3 cli/main.py check

# Scan with Semgrep (code analysis)
python3 cli/main.py scan -t /path/to/project -s semgrep

# Scan with Trivy (dependencies)
python3 cli/main.py scan -t /path/to/project -s trivy

# Scan with TruffleHog (secrets)
python3 cli/main.py scan -t /path/to/project -s trufflehog

# Run ALL scanners with unified report
python3 cli/main.py scan -t /path/to/project -s all

# Show all findings
python3 cli/main.py scan -t /path/to/project -s all --all

Web Dashboard

# Start dashboard (Flask's built-in development server; it is not hardened for
# production, so keep it on localhost rather than exposing it to a network)
python3 dashboard/app.py

# Open browser
# http://localhost:5000

📊 Example Output

╔═══════════════════════════════════════════════════════╗
║              🔒 SECUREFLOW v2.0 🔒                   ║
║     Your DevSecOps Security Scanner Orchestrator     ║
║              Now with 3 Integrated Scanners!         ║
╚═══════════════════════════════════════════════════════╝

================================================================================
📊 SECUREFLOW UNIFIED SECURITY REPORT
================================================================================

🕐 Scan Time: 2026-02-16T16:24:05
🔧 Scanners Used: Semgrep, Trivy, TruffleHog

📈 OVERALL SUMMARY:
   Total Security Findings: 32

🎯 By Severity:
   🔴 CRITICAL: 12
   🟠 HIGH:     2
   🟡 MEDIUM:   18
   🟢 LOW:      0

🔍 By Scanner:
   Semgrep (SAST): 27 findings
   Trivy (SCA): 4 findings
   TruffleHog (Secrets): 1 finding

💡 RECOMMENDATIONS:
   ⚠️  12 CRITICAL issues require IMMEDIATE attention!
   🟠 2 HIGH severity issues should be fixed soon
   🟡 18 MEDIUM issues - plan to address
================================================================================

🏗️ Project Structure

SecureFlow/
├── cli/
│   └── main.py                      # CLI interface
├── scanners/
│   ├── semgrep_scanner.py           # SAST scanning
│   ├── trivy_scanner.py             # Dependency scanning
│   └── trufflehog_scanner.py        # Secret detection
├── aggregator/
│   └── result_aggregator.py         # Unified reporting
├── dashboard/
│   ├── app.py                       # Flask web server
│   ├── templates/dashboard.html     # Web UI
│   └── static/css/style.css         # Styling
├── data/scans/                      # JSON results
├── docs/LEARNING_LOG.md             # Dev journey
├── test-apps/
│   ├── vulnerable-app/              # Insecure examples
│   └── secure-example/              # Secure examples
└── requirements.txt

📈 Development Journey

Day 1 - Foundation

  • Environment setup (Kali Linux, Python, tools)
  • Project structure and architecture
  • Tool verification

Day 2 - Core Scanner

  • Semgrep SAST integration
  • CLI tool with colored output
  • Found 27 vulnerabilities in test app!

Day 3 - Multi-Scanner

  • Trivy dependency scanner
  • TruffleHog secret scanner
  • Result aggregator and unified report
  • Secure coding examples with encryption
  • Total: 32 vulnerabilities detected!

Day 4 - Web Dashboard

  • Flask web server
  • Interactive HTML dashboard
  • Chart.js visualizations
  • Severity and scanner charts
  • Recommendations display

🚧 Roadmap

Completed

  • Semgrep SAST integration
  • Trivy SCA integration
  • TruffleHog secret detection
  • Multi-scanner orchestration
  • Unified security report
  • Web dashboard with charts
  • Secure coding examples
  • CLI with colored output

Planned

  • PDF report generation
  • GitHub Actions integration
  • Docker containerization
  • Auto-fix suggestions
  • Risk scoring algorithm
  • Slack notifications
  • Custom rule creation
  • SARIF format export

🔒 Security Examples

Vulnerable Code

import os

# user_input is untrusted data, e.g. a request parameter

# SQL Injection - BAD: the input is spliced into the SQL text and can change the query
sql = f"SELECT * FROM users WHERE name = '{user_input}'"

# Command Injection - BAD: os.system goes through a shell, so ';', '|' and '$(...)' run
os.system(f'ping -c 1 {user_input}')

# Hardcoded Secret - BAD: lands in git history, readable by anyone with repo access
API_KEY = "sk_live_abc123"

Secure Code

import os
import subprocess

# SQL Injection prevention: a bound parameter is data to the driver, never SQL
cursor.execute("SELECT * FROM users WHERE name = ?", (user_input,))

# Command Injection prevention: argv list, no shell. Still validate `host` as an
# IP or hostname, otherwise a value like "-f" is parsed by ping as an option
subprocess.run(['ping', '-c', '1', host], capture_output=True)

# Secrets management: read from the environment. os.getenv returns None when the
# variable is unset, so check for that at startup and fail fast
API_KEY = os.getenv('STRIPE_API_KEY')
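To see why the secure forms actually hold up, the block below runs the same injection payloads through both patterns. It is an added example, not code from the SecureFlow repository or its test-apps: the SQL pair is exercised against an in-memory SQLite table built inline, and the ping pair adds the hostname validation that the argv list alone does not give you (removing the shell stops `; id`, but without validation `-f` would still reach ping as a flag). Function names and the sample rows are this example's own.

```python
from __future__ import annotations

import ipaddress
import re
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_input: str) -> list[str]:
    """String formatting: the input becomes part of the SQL grammar."""
    sql = f"SELECT name FROM users WHERE name = '{user_input}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, user_input: str) -> list[str]:
    """Parameterised: the driver binds the value, so it cannot alter the query structure."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (user_input,))]


# One DNS label: 1-63 chars of letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_safe_host(host: str) -> bool:
    """Accept an IP literal or a DNS-style hostname; reject everything else,
    including strings starting with '-' that ping would parse as an option."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if not host or len(host) > 253 or host.startswith("-"):
        return False
    return all(_LABEL.match(label) for label in host.split("."))


def ping_args(host: str) -> list[str]:
    """argv for ping; raises on unsafe input instead of handing it to the OS."""
    if not is_safe_host(host):
        raise ValueError(f"refusing to ping unsafe host argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """No shell involved: the list goes straight to execve()."""
    return subprocess.run(ping_args(host), capture_output=True).returncode


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, payload))  # every user comes back
    print("safe:      ", lookup_safe(conn, payload))        # nobody is named that
    for arg in ["203.0.113.7", "example.com", "-f", "127.0.0.1; id", "$(id)"]:
        try:
            print("argv:", ping_args(arg))
        except ValueError as e:
            print("rejected:", e)
```

The validation is deliberately an allow-list of what a host looks like rather than a deny-list of shell metacharacters; deny-lists are where argument-injection bugs live.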

🎯 CI/CD Integration

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history, so TruffleHog scans past commits, not just HEAD
      - name: Install scanners
        run: |
          pip install -r requirements.txt semgrep
          # Trivy and TruffleHog are standalone binaries, not pip packages. In a real
          # pipeline pin a release version instead of piping an unversioned script to sh.
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
          curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
      - name: Run SecureFlow
        run: python3 cli/main.py scan -t . -s all

📊 Statistics

Metric                    Value
Lines of Code             1,800+
Files Created             20+
Scanners                  3
Vulnerabilities Detected  32
Development Days          4
Commits                   9+

🛡️ Security Notice

The test-apps/vulnerable-app/ directory contains intentionally vulnerable code for educational purposes, so that the scanners have something to find. All API keys in it are FAKE test data. Do not deploy it, and see test-apps/secure-example/ for the corresponding secure patterns.


🤝 Contributing

  1. Fork the repository
  2. Create feature branch: git checkout -b feature/AmazingFeature
  3. Commit: git commit -m 'Add AmazingFeature'
  4. Push: git push origin feature/AmazingFeature
  5. Open a Pull Request

📝 License

MIT License - Copyright (c) 2026 kksr1994


👨‍💻 Author

kksr1994 - Security Enthusiast & Developer


🙏 Acknowledgments

  • Semgrep, Trivy, TruffleHog teams
  • OWASP for security resources
  • Chart.js for visualizations

⭐ Star this repo if you found it useful!

Built with ❤️ over 4 intensive days of learning DevSecOps